In this final installment of Parenting for the Digital Native, we conclude this series by looking at the other popular platform on the market for mobile devices — Android.

While Apple has caught a fair amount of criticism over the controls and demands put upon developers, the Android operating system offers an alternative for app designers and developers. With fewer restrictions and encouragement to develop for an open platform, it has been embraced by wireless carriers, Google, and now Amazon with the release of the Kindle Fire.

The Fire has been just that —on fire — since its release, selling units at a blistering rate of one million a week, for three straight weeks, according to USA Today, easily making it one of the top gifts on wish lists for all ages.  These are impressive numbers, particularly in light of criticisms in the device’s functionality and its security issues.

The Fire is just another device akin to the Droid smartphones that store and house sensitive data. Stories such as this one from December 12 should not only capture the attention of Fire owners, but smartphone, and tablet owners as well. How secure is your data on the Android operating system, and what can you do to prevent malware or virus infestation?

The risks in using Android devices, however, are acceptable in the opinions of many tech critics and commentators. JR Raphael wrote in PC World “The answer isn’t locking down the world; it’s taking basic precautions.” This is something that both Apple and Android do have in common: Security begins with the user. If your child or teen has received a new Android-powered mobile device, take the initiative and consider the following options:

• Install mobile anti-malware software on your mobile device. Treat your tablet and your smartphone just as you would your home computer and download anti-virus software. Some apps like AVG Mobilation, Lookout Mobile Security, and Webroot SecureAnywhere are free. Make sure, before downloading, that you read reviews from reputable sources (Droid blogs, CNet, PC Magazine, etc.) to be sure the developers are legitimate and have a solid reputation.
• Set up your device with both a Screen Lock and a SIM Card Lock. Found under Apps > Settings > Security, you have the ability to set up your Screen Lock and SIM Card Lock. Both directly impact access to your phone as the first allows people to turn on the phone and gain access to your apps while the second forces users to type in a PIN in order to use the phone. By creating passcodes (in the form of either four-digit PINS, or patterns you create with a simple three-by-three grid), you can essentially lock down all access to the phone itself.
• Set a unique password for Credential Storage. In cases where you are accessing wifi networks or any online accounts, you can have your Droid device remember passwords for you. These are what the Droid refers to as Credential Storage. Here in the device’s Security Settings, you can also set for this storage a separate password (and it should be a unique password, unlike “password,” “pa55worD,” or the same PIN as used to access your phone), establishing yet another barrier of protection.
• Disable Location Services. There are advantages and disavantages to this (which we will address later in this column), but if you would prefer not to have your location volunteered to another party, you can go in your phone to Apps > Settings > Location and disable all the options listed here. This will essentially disable all ability for your phone to be tracked via GPS and WiFi networks. Keep in mind, this will also disable maps providing you tailored directions from where you are, and also render apps such as OpenTable and AroundMe useless.

With just these basic tips, your phone can effectively be protected by any unwanted party, either through malware or by gaining access to your phone without your knowledge.

Now that we have our Digital Native’s data secure, how do we keep track of our device if lost, or, in that worst-case scenario, stolen? There are Android solutions available, much like FindMyiPhone, that can assist in keeping track of your phone and locking it down in case of theft.

Where’s My Droid will allow you to locate your missing phone by having it play your ringtone (even overriding its “silent” setting). This app also enables Passcode Protection remotely, and alerts you if your phone’s SIM card is swapped out.  The basic “Where’s My Droid” app is free. (A “Pro” version of the app is available for $3.99.) Other options include AVG Mobilation, Lookout Mobile Security, and Webroot SecureAnywhere.

No, you are not seeing a typo — these earlier mentioned anti-virus packages also come with the following options:

• Phone Location
• Remote Lockdown
• Remote Datawipe

Essentially with one download, your Droid-powered device is protected both from viruses and physical theft.

As we mentioned with the Apple devices, you will need to have Location Services enabled. These phone locator apps are reliant on WiFi and mobile data networks to help pinpoint your device’s location, so keep all this in mind when you are securing your Digital Native’s Droid-driven device.

Regardless if these tips are applied to your Digital Native or to yourself, your data and your child’s personally identifiable information (PII) are worth these extra steps. The less room you have for human error, the safer your sensitive data will be. Parenting for kids (be they toddlers or teenagers) does not have to be that challenging when it comes to new technology, regardless of the operating system. It will come to a decision on the parent’s part to invest time in understanding what the technology does and the most efficient way to lock it down and control its content. As stated earlier, security with technology begins with the user.

Take control.

This holiday, the video game market is hoping for gamers of all ages to be asking for epic adventures and action under the tree, releasing a barrage of high-adrenaline, visually stunning games just in time for Christmas. One such offering from Electronic Arts (EA) is the first-person-shooter (FPS) combat simulator Battlefield 3. Battlefield 3 sold more than 5 million copies in the first week it was available, and 12 million copies in the first month. Equally impressive were its online reviews, one gaming critic praising it as an “an unforgettable, world-class multiplayer suite.” Such hype and attention has made this game not only a hit but a “must have” for the gaming connoisseur.

However, particularly when it comes to the multiplayer aspect of the game, Battlefield 3 does tend to trip up a bit on the laces of its combat boots. In order to take advantage of the multiplayer features (in other words, play the game in real time, online), you are required to install and accept the terms of service (TOS) of the Origin service. In August 2011 there was a huge backlash against EA and the Origin End User Licensee Agreement, which gave EA the right to snoop the information running and stored on your computer for all kinds of information and sell it to third parties. The original Origin TOS stated that EA could use Origin to access other EA products without notifying the user, plus the right for EA and unnamed “partners” to “gather, use, store and transmit technical and related information” on “IP addresses, usage data, software, equipment, software usage and existing hardware peripherals” according to the terms of use and for “marketing purposes”.

In response to the criticism, EA issued this statement:

“EA would never sell your personally identifiable information to anyone, nor would it ever use spyware or install spyware on users’ machines. We and agents acting on our behalf do not share information that personally identifies you without your consent, except in rare instances where disclosure is required by law or to enforce EA’s legal rights.”

While EA will continue to collect data about your PC system and its usage, they removed the clause in the TOS that gave them the right to use the data for marketing purposes.

While this has appeased most American gamers to the point where only the fringe Battlefield 3 online players are still complaining about it, German gamers are in an uproar because they claim that they will not allow EA to collect information deemed private in Germany – even if such collection is included in the TOS.  There have been more articles showing up online about removing Origin (there’s a crack available from the hacker group Razor1911), but it’s nothing like the volume of returns and full refunds given to German Battlefield 3 gamers.  Big German games retailers Media Markt and Saturn went so far as to refund used editions of Battlefield 3 even after the PC keys had been redeemed.

EA responded in late October and said they were never collecting that information but just to be thorough they changed their TOS. “We have updated the End User License Agreement of Origin, in the interests of our players to create more clarity,” EA Germany announced in a statement:

“Origin is not spyware. Neither do we use nor install spyware on the PCs of users…

We do not have access to information such as pictures, documents or personal data, which have nothing to do with the execution of the Origin program on the system of the player, neither will they be collected by us.

EA takes the privacy of its users very seriously. We have taken every precaution to protect the personal and anonymous user data collected.”

Origin’s license agreement matches “industry-standard privacy policies”, EA stressed.  But “where necessary, we will of course work together with the relevant Government agencies to ensure that our policies are and remain legally compliant.”

However, in mid-November the plot thickened.  Battlefield 3 has anti-cheat software built into it called PunkBuster, made by EvenBalance, Inc.  I’ve written about PunkBuster before as a potential piece of spyware.  The TOS to PunkBuster includes:

“Licensee understands and agrees that the information that may be inspected and reported by PunkBuster software includes, but is not limited to, Licensee’s Internet Protocol Address, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed. Licensee acknowledges and agrees that if Licensee does not want Licensor to collect and process such information, Licensee should not use the PunkBuster software.

Further, Licensee consents to allow PunkBuster software to transfer actual screenshots taken of Licensee’s computer during the operation of PunkBuster software for possible publication.”

It would make sense for anti-cheat software to be able to monitor processes, but this goes way beyond what might make sense.

It’s up to you to decide which is more important to you: Your privacy or Battlefield 3.  From everything I’ve read it is a great game, but is it worth potentially exposing critical private information to prying eyes, even if those prying eyes assure you they aren’t looking?

Black Friday has come and gone, leaving in its wake record numbers, a hint of optimism on the stock market, and at least one story concerning overenthusiastic shoppers. Just because Black Friday 2011 is done, though, does not mean that holiday shopping has concluded. With a mere eighteen days remaining (and while that sounds like a lot of time, those eighteen days will fly by), consumers are still shopping for that perfect holiday present. According to the National Retail Federation’s 2011 Holiday Consumer Intentions and Actions Survey, conducted by BIGresearch, holiday shoppers say they plan to spend an average of $704.18 on holiday gifts and seasonal merchandise. Additionally, nearly six in 10 holiday shoppers (59.9 percent) say they plan to take advantage of retailers’ sales and discounts to make additional non-gift purchases for themselves and their families during the holiday season.

Once your purchases are made, though, there are still concerns to keep in mind. As reported by Bloomberg Businessweek, MSNBC, and this blog, many cases of identity theft happen after purchases are made, originating from within the business or service where a transaction has occurred. Just last month, New York authorities shut down an identity theft ring where waiters were skimming credit cards of their patrons in order to make counterfeit cards for themselves.

One way of preventing identity theft and credit fraud is awareness. You as a consumer should not only remain aware of what you are spending but where you are spending your hard-earned money and what is happening in your bank account after a transaction has happened. Whether purchasing merchandise online or at the mall, IDGuardian offers a few tips that can help you stay within their budget and help protect you and your accounts from potential fraud.

1. Double check your email inbox.  It is often reported that email scams from retailers will appear to be legitimate when sent to the consumer; however, savvy fraudsters have designed these “fake” emails to steal the consumer’s personal information by having them click on a fraudulent link.  When in doubt, do not respond.  The safer option instead of clicking on the link, is to enter the address directly into the address bar.  Most retailers will not ask for personal information via email.
2. Beware of Public Wi-Fi.  With the increase in popularity of mobile gadgets, they have made shopping at your fingertips more convenient.  But keep in mind that your local coffee shop or hotel lobby may not be secure. Know your device settings, and double check that your network is secure before you type in your credit card information.
3. Create a secure environment. Before shopping online, make sure your computer is up-to-date with the latest anti-virus software, updated regularly. Make sure the anti-virus package you install prevents viruses, malware, and keylogging to keep the fraudsters from capturing your most private information like passwords and user IDs.
4. Keep a close eye on your accounts for suspicious activity.  As you do your holiday shopping, you need to constantly monitor bank statements and accounts to detect any fraudulent or suspicious activity. Save your receipts to help compare your purchases against your bank and credit card statements.  Fraud does happen and can happen to anyone.  If you suspect fraudulent activity, immediately contact your bank or credit card company.
5. Be careful about where you shop online.  As more and more people turn to the Internet for their holiday shopping, it’s important to make sure the websites they are using are secure and legitimate.  Check to see if there is an “s” in the website address (https:// instead of http://).  Look into anti-virus software packages that can also verify IP addresses you are logging into to make sure it’s legitimate.

Particularly around the holidays and the closing of a year, it is sometimes difficult to remember to take a breath; but when it comes to your identity, it only takes a moment to protect yourself. And with that moment taken, you can now have peace of mind as you wish “Peace of Earth” to friends and family this holiday season.

Tampa Bay Online recently ran a story on what could be a growing problem of identity confusion, a case where a victim is treated like a criminal because the real criminal happens to have the same name, date of birth, and even Social Security number. While there are not too many documented cases, it could be a growing problem simply because of the number of errors contained in public databases that result in inaccurate information.

In this case, a resident of Florida named Fabian Lopez has spent years trying to convince anyone who would listen that he’s not the Fabian Lopez, of New Jersey with the same date of birth. According to court records, New Jersey Fabian has an extensive criminal history, including charges of lewdness, criminal sexual contact, burglary, failure to comply with conditions of bail, and failure to appear in court.

It’s that record that seems to have hijacked the life of the victim, including a very public arrest by law enforcement. “This is worse than identity theft,” Lopez said in an interview with Tampa Bay Online. “It’s not that they stole my identity – they’re giving me an identity that’s not mineBecause of the confusion, the victim in Florida has been unable to obtain a driver’s license, especially tough when he drives a cab for a living.

This is not a case of identity theft, so the victim can’t benefit from all the laws and services that are in place to protect victims of identity theft. If there are errors in a database that incorrectly match a date of birth, Social Security number, or address, these can be fixed, but it’s rarely easy.  The victims are left with a lifetime of groundhog days, constantly going through the same routine to explain they’re not who people think they are, even if they’re trying to explain it from a jail cell.

 

RELATED STORY: Identity Theft in Reverse

http://www2.tbo.com/news/news/2011/aug/02/identity-theft-in-reverse-ar-247749/

As vacationers across the country hit the roads for end-of-the-summer getaways, scammers as usual, are not very far behind. Scams and identity theft in the hotel and hospitality industry are nothing new, in part because scammers love to target places where there are plenty of people who may be too busy, too distracted, or moving too fast to realize they’re being scammed. Until it’s too late.

Researchers have spotted a recent spike in spam email trying to trick users into opening an infected file by advising the recipient of a mistake with a recent transaction at the hotel. Emails that use things like transaction notices and receipts are nothing new, usually popular around the Christmas holidays when people are more likely to be buying stuff and also more likely to click on such an email.

Recipients of the email are warned that there was an error with a payment or transaction at a hotel, with subject lines like “Hotel [Major Chain] Las Vegas made wrong transaction,” and “Wrong transaction from your credit card in [Major Hotel Chain] Atlanta.”

The scammers’ expectation is that recipients will either be on vacation or have recently returned, and may genuinely believe that there was a mistake with their payment or their credit card was compromised while on vacation and is now being used by the thieves.

The email usually contains an attachment that purports to be a receipt or explanation but instead hides a nasty piece of malware. In some cases the malware is promoting fake anti-virus software.

Lessons learned?

• Avoid advertising your whereabouts on social networking sites, and avoid geo-tracking. This gives thieves the information they need to target you. particularly if you are sharing your whereabouts.
• Guard your computer from key loggers, hackers, spammers, and botnets by installing up-to-date anti-virus and anti-spyware software on your laptop computer.
• Limit the number of credit cards you bring with you. Carry just one and keep a backup in the hotel safe. Keep a copy of the emergency contact numbers for your credit cards and bank accounts handy in case they’re lost or stolen. If you are using debit cards while on vacation, be cautious and protective of PINs, especially when withdrawing money. If you’re driving on vacation, only use credit cards to pay for gas, and be vigilant for gas pumps that appear to have been tampered with.
• And of course, never click on an attachment in any email you’re not expecting. If you get an email from a hotel disputing a charge or payment, go directly to the hotel web site and call the customer service number.

RELATED STORY: Fake ‘wrong transaction’ hotel spam hits email

http://www.msnbc.msn.com/id/43948767/ns/technology_and_science-security/

As home buying and selling activity increases, and so does the risk of identity theft as personally identifiable information (PII) is shuffled around from one home to the next. During this busy time, buyers and renters become preoccupied with financing their new homes, closing and opening new banking and utility accounts, and packing and moving—all stressful tasks that can distract them and cause them to simply overlook protecting sensitive documents and PII.

According to Javelin Strategy and Research, more than eight million Americans fell victim to identity theft in 2010. To protect yourself from this threat in 2011, we at IDGuardian recommend that you take precautions and follow a list of simple steps homeowners can take throughout the moving process to help protect their identity.

1. Submit a Change of Address Form. Submit an official Change of Address Form through your local post office, and once the request has been filed, keep an eye out for a confirmation from the Postal Service. You’ll want to use this to verify that your new information has been correctly updated.  You can expect your mail to arrive at your new address within 7 to 10 business days after filing.
2. Shred sensitive documents. All important documents and paperwork that will not be coming with you should be shredded to prevent thieves from finding any information in your trash. A small investment in a shredder is well worth it when you consider the headache it could be preventing.
3. Monitor financial statements. Watch over your bank and credit card statements for suspicious activity.
4. Use reputable moving companies.  Many Americans use a moving service to help pack and move their boxes, but mover fraud is becoming more commonplace in the U.S. Take the time to read reviews, research the company and ask trusted friends, family or real estate agents for recommendations. Always check the mover’s reputation with the Better Business Bureau and  make sure the mover is registered with the Federal Motor Carrier Safety Administration (FMCSA), and has a U.S. Department of Transportation (USDOT) number before signing any agreements or obtaining an estimate.
5. Keep documents with you. Transfer all important physical documents that will be making the move, such as wills, stock certificates, bonds, etc., to a safe and secure place such as a locked box. Keep the physical documents with you during the move and do not leave any secure receptacles for movers or others to transport.
6. Lock down your computer. Devote time and resources before your move to make sure all computers in your home are hack-proof and packed and out of sight before movers arrive.
7. Supervise the move. Make sure you are present for the entire duration of the move. Your presence could deter potential theft from occurring and you can rest assured that your personal belongings are being taken care of properly.
8. Check your credit report. Take a look at your credit report for several months after you’ve moved. Any suspicious activity on the report may be a sign that your information has been compromised and local authorities and banks should be contacted.
9. Verify mail is being delivered. After the move, verify that you are receiving all mail from the list of senders you identified and contacted beforehand.

About an hour ago, this appeared in my Facebook News Feed. Here are a few things to note about how this is revealed as a clickjacking scam:

1. This is a supposed video tweet, but note under the link the main “home” for this URL is heading back to LinkedIn.com. An odd correlation.
2. Poor punctuation. There’s not apostrophe in Justin Bieber’s name.
3. This unflattering photo hit headlines on March 2, not today (or “20 minutes ago” as this link claims)

These may all seem like minute details, but these details are what hackers and spammers are counting on you glossing over. In the “speed of one click” you can easily surrender control of your Facebook account credentials, counting on you to race to see who can share a sensational link first in your network. Whenever you have shared URL’s like this appear in your News Feeds, it is best to stop and think before you click. Many of these scams can be caught right away from the small image (or thumbnail) associated with the link. (Obvious malicious links will be displaying intimate parts of male and female anatomy.) So if something like this pops up in your News Feed, don’t click just yet. you may regret it.

Remember that clickjacking is a hackers’ tactic technique of tricking users into clicking on a link possessing code that can surrender personally identifiable information without the user’s knowledge, allowing hackers to take control of an online account (or, more dramatically, their computer). The reason why these scams are so prevalent on Facebook is that 20 percent of Facebook users click on these links. This is according to a study, reported by CNET, in 2010.

I’m sure you’ve heard of scareware by now — fake anti-virus software that warns you of fake malware on your computer in order to trick you into paying real money to get rid of it. Like almost every cybercrime and cybercon in circulation, crooks invest considerable time and money into scams like this because they really work.

One of the most successful of the scareware kings is Sam Jain, now on the run after authorities busted his scareware operation that reportedly has made the crooked entrepreneur more than $100 million. From selling nothing but fear.

The U.S. Attorney’s Office in New York is now trying to get its hands on that money and, as in any criminal pursuit, wants to flush the crook out into the open by cutting off the money supply he needs to stay on the run. They recently filed a lawsuit seeking to forfeit more than $14 million believed to be deposited in just one account, in Switzerland.

Whether they actually catch Mr. Jain doesn’t really matter (although they probably will). The reality is that the scareware business is so lucrative there will always be a long line of crooks ready to step up and take over where the last one was caught and incarcerated. These scams take a variety of forms, all of which are profitable. In Mr. Jain’s case, not only was he selling fake versions of Symantec security software, he was also accused of selling more than one million copies of other fake anti-virus software that was not only incapable of detecting malware, but it actually installed spyware on customers’ computers.

According to the indictment, the elaborate scheme involved setting up fake advertising companies that would allow the crooks to legitimately purchase ads across the Internet. These ads were programmed to create annoying pop-ups warning of computer infections and tricking users into paying to remove the malware.

In an interview in 2010 with NetworkWorld, attorneys who had filed a class action lawsuit against the crooks estimated that the amount of money the crooks make from the scheme, which snared victims in more than 60 countries, probably exceeded the original $100 million estimate.

Lessons learned?

• Because so much scareware is delivered through infected pop-up ads, always ignore any ads on a website that warns you your computer has been infected.

RELATED STORY: Feds Seize Swiss bank account of scareware mogul

http://www.networkworld.com/news/2011/060911-scareware-mogul.html

Summer is about to begin (although with record breaking temperatures, it feels like it’s here already), and now both individuals and families turn their thoughts to the big getaway. Travel plans are confirmed, bags are packed, and all that’s left on the “To Do” list is to hit the road for destinations far and wide. According to the U.S. Travel Association, 2.1 percent more vacation travel just in the United States is expected this year than in 2010.

No matter where travelers are headed, domestic or international, they will likely be distracted by their new surroundings, making them prime candidates for identity thieves.   Identity thieves prey on unsuspecting tourists – even the savviest of business travelers – banking on the fact that many travelers are focused more on their itinerary than on their identity exposure.

So in the days before hitting the road or checking in with your airline, you might want to stop and consider how secure your identity is while on the road, as well as in your vacant home. By investing a few minutes in some basic safe practices, you can help to minimize the impact of identity theft.

1. Protect your home. Have your mail collected or held at the Post Office, ideally have someone visit and turn lights on and off, and do not leave financial documents lying in plain view.
2. Avoid advertising your whereabouts on social networking sites. This gives thieves the information they need to target empty homes.
3. Disable geotagging features on smartphone apps and other devices. This is an extra tool for the bad guys to know your whereabouts and to potentially break into your home while you are away.
4. Guard your computer. Protect yourself from key loggers, hackers, spammers, and botnets by installing anti-virus and anti-spyware software on your laptop computer. If browsing the Internet with a wireless connection, do not assume public “hot spots” are secure.  Ensure you are using encryption to scramble communications over a network.
5. Exercise caution when logging into public networks. If you need to access your email from a cyber café or other establishment, limit your access. Avoid entering any passwords to your personal financial accounts, and be sure to log off when you are finished with your session.
6. Be aware of potential phone scams. If you’re staying at a hotel or motel and receive a call from the reception desk asking that you confirm a credit card number, tell them you’ll provide the information at the front desk instead.
7. Limit the number of credit cards you bring with you. Carry just one and keep a backup in the hotel safe. Keep a copy of the emergency contact numbers for your credit cards and bank accounts handy in case they’re lost or stolen.
8. Limit debit card use. It is not recommended that travelers use their debit cards while on vacation, but if they do, they should be cautious and protective of their PIN when withdrawing money. When withdrawing money from an ATM, be cautious, and be protective of your PIN.
9. Keep documents in a safe place. Remove all documentation and cards from your wallet or purse that you don’t need during your travels.
10. Back up your documents. Make a photocopy of the cards and documents in your wallet or purse, including credit and ATM cards, store cards, drivers’ licenses, to leave with someone you trust so you know what to cancel if your wallet is stolen.
11. Consider utilizing a credit and public monitoring service. If you’re leaving for an extended period of time consider using a credit and public monitoring service that alerts you to potentially suspicious activity.

By being aware of your identity and all that is associated with it, and by following the tips outlined above, you can invest quality time with your family and relax while you are away.

To bring attention to this week being National Small Business Week, I have put together this blogpost concerning a recent study from Javelin Strategy & Research. This report takes a long, hard look at the impact of identity theft on small businesses; and the news isn’t encouraging.

The Javelin study of more than 5,000 small business owners, extrapolated that U.S. small businesses lost approximately $8 billion to identity fraud in 2010, and although financial institutions and merchants covered most of the losses, victimized firms had to absorb more than $2.6 billion.

The study also found that small businesses suffer greater losses than consumers, with the average cost of fraud more than double that faced by consumers. And as the Javelin report also pointed out, small businesses don’t enjoy the same zero liability protections that most consumers do. Which means they’re on the hook for any losses their bank can’t recover.

Javelin’s report came on the heels of a number of other troubling reports. In April 2011, the FBI issued a warning that cyber crooks were increasing their focus on small businesses, and that small and mid-sized businesses lost more than $20 million to unauthorized bank transfer scams in 2010.

The amount of money lost in each attack ranged from $50,000 to $985,000, and Chinese cyber gangs were believed to be responsible.

In an interview with BankInfoSecurity.com, Tom Wills, a fraud analyst with Javelin Strategy & Research commented that “the low-hanging fruit for these overseas criminal syndicates is clearly small and medium-sized businesses, which, because of inadequate and antiquated security controls at 99 percent of U.S. banks, combined with the larger bank balances that businesses typically hold, represent much better financial yields to the fraudsters than when consumers are targeted.”

He added “Financial institutions of all sizes in the U.S. need to focus their risk management efforts on the small-business segment with some urgency.”

Things to think about…

• We need to do more to protect our small businesses. According to the U.S. Small Business Administration small businesses represent more than 99% of all businesses, employ more half the U.S. workforce, create more than half of the nonfarm GDP, and represent 97% of all identified exporters.
• Banks and credit unions need to take a lead in this fight, and do more to educate small business owners about the variety of risks they face – and the serious consequences for ignoring them.

This week, when honoring small business owners, we also need to consider the threats they face and how they affect us as consumers as well. Later this week, I’ll be featured on the IDGuardian podcast in a video segment I recorded concerning small businesses, their security plans, and what we all can do to protect ourselves. When and where we can, we must help protect the small business owner from potential threats and remain vigilant ourselves as we continue the fight against fraud and identity theft.

Back in March, Intersections Inc. CEO Michael R. Stanfield presented a three-part series on the Digital Footprint of a College Graduate. His blogposts covered:

• A Graduate’s Social Media Profile
• A Graduate’s Credit Profile
• A Graduate’s Job Search Profile

In this episode of the IDGuardian Podcast, Michael looks at the earlier years of a child’s life, and how important it is for parents to keep a watchful eye on the credit and identity of their children as identity theft against minors is on the rise.

Our audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

Michael R. Stanfield co-founded CreditComm, the predecessor to Intersections, in May 1996 and has been Chairman, Chief Executive Officer and a Director since that time. Michael has been involved in management information services and direct marketing through investments and management since 1982, and has served as a director of CCC Information Services Inc. and BWIA West Indies Airways.

This podcast is copyrighted 2009-2011, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

The events of May 1, 2011 are dominating the news headlines.  A reoccurring tone in all these commentaries on the death of Osama bin Laden has been vigilance against terrorism, staying safe, and keeping our guard high. This alert is also about vigilance, but on completely different subject matter: Phishing and malware scams.

It did not take long at all for opportunists to set up bogus links to websites, supposed “de-classified” video from the strategic strike against Osama’s compound, and images ranging from actual location shots to conspiracy theorists’ “faked death” photos, all of these links merely triggers for a variety of malware targeting your computer.

Kurt Baumgartner, a senior security researcher for Kaspersky Labs, stated in an ABC news article that cybercriminals started using top search results related to bin Laden in Google Images to redirect people to pages filled with malware and even scareware alerting unsuspecting users that a virus has, in fact infected their computer (a common trick used in obtaining credit card numbers). Sophos Labs reported a “Osama bin Laden death video” spreading virally on Facebook. The messages leading to the video link claim there is “a video of bin Laden’s final hours, banned by media censors.” Once Facebook users “Like” or share the link, Facebook users give cybercriminals access to their contacts.

Read the entire article here.

In light of current events, it is easy to get swept up in the fact-checking and breaking headlines, but a few seconds of caution is all that is needed:

• If the link sounds too good to be true (example — “OSAMA BIN LADEN EXECUTION VIDEO! CLICK HERE”), it is. Don’t click it.
• Rely on established news resources for your facts, your images, and your video links.
• If your computer suddenly informs you that you have a virus, do not panic and click on links that offer you antivirus software. Instead, either run your current anti-virus package or purchase software that comes from a trusted vendor of anti-virus protection.

UPDATE: Along with the Osama bin Laden videos and stills, there are two other “clickjacking” scams viral on Facebook:

• “See how you will look in 20 years…”
• “Find out who’s stalking you…”

These apps are phishing scams. Do not click on these links. Alert your friends sending these chat messages or wall posts, and encourage them to remove the dangerous posts from their walls and change their FB passwords.

Tax season is a time of year when thieves and scam artists are very active. The risk for identity theft and identity fraud runs high. This episode features Steve Schwartz, Executive Vice President, Consumer Services for Intersections Inc. Steve talks about some of the latest scams that are circulating this year, and also gives us some important tips for staying safe.

Our audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

Steve Schwartz, before stepping into Intersections’ role of Executive Vice President, Consumer Services in 2006, served as Senior Vice President at The Motley Fool, as well as Vice President at Time Life, Inc. During his career, Mr. Schwartz has worked extensively in the direct response marketing field, including positions at Book-of-the-Month Club and Columbia House.

This podcast is copyrighted 2009-2011, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Administrators’ Note: Just last month, we ran this article concerning tax preparation and the scams found cropping up around this time. With deadlines fast approaching, we present a re-post of our March 8 posting, complete with tips that will keep you safe before and after the 2010 tax season.

Tax season involves the exchange of a lot of documents and communications which contain sensitive personal information including addresses, Social Security numbers (SSN), employer information, and bank account numbers, all of which can be used to compromise or steal the identities of their owners. Identity thieves will use various scams and schemes this year to either forcibly gain access to this information or con taxpayers into willingly and unknowingly handing it over. And with new IRS regulations, within two years, all paid tax preparers will be required to submit all returns electronically. Adding to this digital deluge of incoming data, the IRS has reported that the majority of income tax refunds will be sent to taxpayers electronically, making your computer and electronic networks everywhere a prime target for identity thieves.

In years past, fraudsters have used a number of methods to steal or obtain personal information. Fraudsters commonly masquerade as the IRS, calling and convincing unsuspecting tax payers to turn over their Social Security or bank account numbers in order to correct a factual error on their return or expedite the deposit of their refunds.  Fraudsters have also distributed emails claiming to be from the IRS with attachments or links that contain Trojans or other malware that can easily empty the victim’s bank account. Consumers need to be cautious not just of scammers working under the mask of the IRS, but also of emails or phone calls from property tax appraisers or local county tax assessors, which could just be another rouse employed by identity thieves.

In order to help you avoid even the best laid identity theft traps, we have compiled a list of tax season safety tips to guide consumers this year.

Top 13 Tips for a Safe & Secure 2010 Tax Season:

1. Be suspicious of any calls or emails purporting to be from the IRS, no matter what the issue. For example, some scams claim that someone else has already filed tax returns in your name or with your SSN.  The IRS will always write to you first, will rarely call, and will never email you.
2. Never confirm your SSN or bank account details by email or over the phone.
3. If your bank or employer has been taken over lately, be wary of any calls asking you to confirm your tax information or employment status.
4. Guard your mail because it’s especially attractive at tax time.  Ideally, have your mail delivered to a P.O. Box and mail tax returns and sensitive information directly from the post office.
5. If you plan to use an online tax preparation service, make sure you stick with a reputable one that has adequate security measures in place.  And be careful when typing in the URL or web address of an online service in case you misspell the name and end up on a fraudulent site that looks like the real one. Invest in software that can help you stay safe by alerting you to questionable sites when you type in URLs.
6. If you plan to use online tax preparation software and intend to keep a copy of your return on your computer, you should immediately rename your return with a different file extension.  It is also highly recommended you use a USB external drive to save your information instead of storing it directly on your computer.
7. Make sure your computer is free of malware like computer viruses and spyware that can steal a copy of your SSN or bank account password.
8. Choose your tax preparer carefully and don’t be afraid to ask them important security questions, such as how your information is protected at their offices during and after preparation, how long they will keep a copy of your tax return, and whether they conduct background checks on their employees.
9. If you owe money to the IRS, try to pay online through their system.  If you have to pay by check, spell out the name “Internal Revenue Service” because it’s harder to forge than the letters IRS.
10. Don’t email tax information or returns to your accountant.  Email is not a secure way to send any document.
11. If you make copies of your return on a photocopying machine, be aware that many machines keep a copy of your pages in short term memory!  Using photocopiers in public locations is not recommended.
12. Don’t forget to shred any unnecessary documents or copies when tax season is over.  Dumpster divers will be on the prowl to get your banking account details and SSNs.
13. Finally, check your credit report immediately after tax time and again a few months later to make sure your personal information wasn’t stolen and is not being used against you.

For more information concerning tax safety please see our other IDGuardian blog posts:

• Phising: A Demise That Has Been Greatly Exaggerated (Jerry Thompson)
• A Re-Routed Refund (Anne Madrid)
• Tax Season 2011: Making Identity Theft Far from “EZ” (Neal O’Farrell)

Remember to use extra caution and care when filing their taxes this year.

Administrators’ Note: With 2011′s Income Tax deadline closing in fast, we asked Cybersecurity expert Neal O’Farrell to return to his earlier posting concerning tax scams. Please comment and syndicate this 2011 edition of tax tips that will keep you safe before and after the April deadline.

Is it just me or does it feel like tax time was not that long ago? As the tax deadline looms just around the corner, one group of citizens is just giddy with excitement. No, not tax preparers. For identity thieves, tax time is one of the best and busiest times of the year as they prey on unsuspecting taxpayers caught in a whirlwind of returns, refunds and rebates.

So why is tax time so good for identity thieves? Three simple reasons:

• A lot of money will be on the move as millions of citizens send and receive billions of dollars in tax payments over a very condensed period. According to the IRS during last year’s filing season nearly 100 million taxpayers received refunds totaling $260 billion. That doesn’t include all the checks that went out to the IRS from taxpayers.
• Tax time involves a lot of documents, laws, and communications – the ideal time to trick a busy taxpayer. And of course many of these documents contain the taxpayer’s crown jewels – name, address, spouse, employer, Social Security Number, bank account number and much more.
• The letters IRS scare most people and scare tactics have always worked well for thieves (Your computer has been infected, your bank account has been suspended – any of these sound familiar?)

Tax time scams are nothing new, and the scams we’ve seen so far this year are a predictable rehash of previous years. But what you really need to watch out for are more clever variations that are more likely to catch you off guard.

Most of the scams you’ll probably encounter this year will come in an email or phone message, although you shouldn’t rule out the possibility of a snail mail scam.

Here’s a selection of the kinds of tricks the scammers will use, and most are likely to come as pretty convincing IRS communications that will prey on fear, urgency, or greed:

• Someone else has submitted a tax return using your Social Security number and in order to fix the problem you’ll have to confirm your Social Security number (or submit an online dispute or claim form that includes your SSN).
• The IRS can expedite your refund if you submit your bank account and routing information.
• If you don’t accept direct deposit of your refund directly into your bank account, you’ll face a fee or penalty.
• The IRS has your stimulus check or rebate and would like to lodge it in your account. This can be a very effective trick because there are so many stimulus programs or discussions going on.
• The IRS would like you to participate in a taxpayer satisfaction survey which will eventually either ask you for personal information, or the link in the email will lead to a malicious download.
• The IRS now offers a generous installment payment plan if you owe taxes, and you can begin by submitting your bank account information.
• You’re being audited and you must respond within 24 hours using an online form.
• The IRS already sent you a check but it has not been cashed, and you’ll need to confirm your bank account information or Social Security number in order to have the check resent.

Banking Trojans are a major threat this year, and definitely not the kind of malicious software you want on your computer. These very sophisticated programs are designed to steal your bank login and password, clean out your bank accounts, and sneak away before you know it.

And if you have a banking Trojan on your computer when you file your taxes online, there’s a good chance you’ll lose your Social Security number too.

According to security firm Panda, Trojans made up nearly two thirds of all new malicious software identified during the first quarter of 2010, and the majority of these were banking Trojans according to the company.

Consumers are not the only target. Businesses can expect to receive fake IRS emails containing attachments purporting to be changes in tax laws, a tax problem with a specific employee, or threat of an audit.

The attachment or link is likely to contain a Trojan or other malware that could easily empty the victim’s bank account, and the FBI estimates that more than 200 businesses lost more than $40 million through this scam in 2009.

These can be very effective scams because businesses expect to receive this kind of correspondence, although they shouldn’t expect them by email.

And don’t just watch for IRS scams. There are numerous scams in circulation focusing on property tax appraisals, so keep an eye out from scam emails and even letters purporting to be from your local county tax assessor.

So what should you do to avoid being scammed?

• Be suspicious of any calls or emails purporting to be from the IRS, no matter what the issue. For example, some scams claim that someone else has already filed tax returns in your name or with your SSN.  The IRS will always write to you first, will rarely call, and will never email you.
• Never confirm your SSN or bank account details by email or over the phone.
• If your bank or employer has been taken over lately, be wary of any calls asking you to confirm your tax information or employment status.
• Guard your mail because it’s especially attractive at tax time. Ideally, have your mail delivered to a P.O. Box and mail tax returns and sensitive information directly from the post office. Better still, have your taxes filed online.
• If you plan to use an online tax preparation service, make sure you stick with a reputable one that has adequate security measures in place.  And be careful when typing in the URL or web address of an online service in case you misspell the name and end up on a fraudulent site that looks like the real one.
• If you plan to use online tax preparation software and intend to keep a copy of your return on your computer, you should immediately rename your return with a different file extension.  It is also highly recommended you use a USB external drive to save your information instead of storing it directly on your computer.
• Make sure, before using tax preparation software, your computer is free of malware and spyware that can steal a copy of your SSN or bank account password.
• Choose your tax preparer carefully and don’t be afraid to ask them important security questions, such as how your information is protected at their offices during and after preparation, how long they will keep a copy of your tax return, and whether they conduct background checks on their employees.
• If you owe money to the IRS, try to pay online through their system.  If you have to pay by check, spell out the name “Internal Revenue Service” because it’s harder to forge than the letters IRS.
• Don’t email tax information or returns to your accountant.  Email is not a secure way to send any document.
• If you make copies of your return on a photocopying machine, be aware that many machines keep a copy of your pages in short term memory!  Using photocopiers in public locations is not recommended.
• Don’t forget to shred any unnecessary documents or copies when tax season is over.  Dumpster divers will be on the prowl to get your banking account details and SSNs.
• Finally, check your credit report immediately after tax time and again a few months later to make sure your personal information wasn’t stolen and is not being used against you.

A recent audit by New Jersey State Controller found a very troubling pattern of lazy security when it came to disposing of personal information on state-owned computer hard drives.

Although the state has very clear guidelines and procedures for the secure disposal of information on any device owned by the state (especially smart phones and computers, before they were auctioned or disposed of), state employees seemed to completely ignore those rules.

The audit was triggered by reports that state employees responsible for disposing of computers were rigging auctions for them or selling valuable computers for scrap.

What the auditors found, though, was much more troubling:

• Investigators found data on 46 of the 58 hard drives.
• Data found included addresses and phone numbers of children placed in state care, completed tax returns, Social Security numbers, a list of State employee computer passwords, and reports on children who may have been the subject of abuse (including the names and addresses of the children).
• State agencies regularly disposed of computer equipment without ensuring that data on the devices had been properly removed.
• 13 of 37 drives that contained business-related or sensitive data were packaged and ready to be shipped for public auction.
• Contrary to State requirements, agencies sent shipments of computer equipment for disposal with no certification that the equipment’s data had been removed.

One of the laptops tested contained numerous files of one State judge that included the judge’s life insurance trust agreement, his tax returns for three years, documents with the judge’s Social Security number, as well as sensitive legal correspondence.

What’s most troubling about the report is that it’s not unique. State agencies across the country are struggling with budget and manpower issues, and in many cases key precautions are overlooked and data is simply given away.

The criminal community is only too well aware of this opportunity, which is why they can often be found lining up at state computer auctions ready to pay cash for any kind of computer. They only need to get lucky once to pay for the investment.

RELATED STORY: N.J. Computers Sold to the Public at Auction May Contain Private Data

http://www.nj.com/news/index.ssf/2011/03/nj_computers_auctioned_to_publ.html

In Part One of Footprints of a College Graduate, we advised college graduates to take an objective look at their Social Media profiles with a particular focus on their updates, photographs, and commentaries. Now we turn the focus to credit profiles and the relevance they play in job searches, new purchases, and house rentals or buying.

Credit is and will continue to be an integral part of our everyday lives. Unfortunately, many adults — even those with business degrees — never learn the importance of maintaining and building good personal credit. The majority of students entering college are experiencing their first taste of freedom: no curfews, no daily parental guidance, and trial and error experiences that will help them grow personally and professionally. Credit card companies love college students, and enhance students’ newfound independence with “free” money; and for the particularly savvy, low interest rates. It starts innocently enough; but as time goes on, students can and often do get in over their heads.

According to Sallie Mae’s “How Undergraduate Students Use Credit Cards” report, on average, college students carry four credit cards, graduating with debt exceeding $4,000.  Since plastic can be deceptively easy to use, particularly when virtually anything can be purchased with a credit card – from the occasional meal at McDonalds to groceries to more extravagant purchases such as concert tickets and spring break vacations – it’s easy to understand how debt can accrue. If a student pays their bill on time, they can build a strong credit history that will benefit them in both the short and long run; but out of the students surveyed in the earlier cited Sallie Mae report, only 17 percent regularly paid off all cards each month, and another 1 percent had parents, a spouse, or other family members paying the bill. Missing just one payment or simply paying a bill a few days late can have a significantly negative impact on their credit. Credit scores, the most familiar being FICO, rate credit from “Very Poor” with a score starting at 350, to  “Excellent,” having a  top score of 850. Credit scores are used to rate creditworthiness, including credit card balances versus credit limits, total debt, payment history, derogatory payments, and other key factors. This score will determine the interest rate they can qualify for  on a new loan, their ability to rent an apartment, secure utilities including phone, electric, and gas, and interviewing for a job and undergoing employment background screening, a key factor in the hiring process.

Credit is important but good credit is essential. For students just entering school, use those credit cards wisely: pay off balances each month or at the very least make payments on time, and charge only what is necessary. For new college graduates, while their credit history may be short, it is important to take the time to review all three credit reports from the major Credit Reporting Agencies (CRA), available for free (one time per year) at www.annualcreditreport.com.

It is also essential that students, both heading to and graduating from college, understand the responsibility of protecting their credit data. Recent findings from the Javelin Strategy & Research 2011 Identity Fraud Survey Report revealed that younger consumers (18-24) suffer the second highest in “friendly fraud” incidents. ”Friendly fraud” is defined by the Javelin Study as when sensitive data is stolen by a family member, friend, coworker, or individual known to the victim. Friendly fraudsters are able to operate undetected because their personal knowledge of a victim allows them to more easily open new fraudulent accounts. Awareness of credit and personal information as well as the responsibility in keeping it secure is key to protecting everyone’s most valuable personal asset — their identity. College students and graduates should consider enrollment in credit and public record monitoring services so they can be alerted to changes to their credit reports and to non-credit information (utilities, cell phones, etc.) and respond quickly to potentially fraudulent transactions.

It’s never too late to improve upon or become educated about credit. Good financial health can save time and money both now and in the future. Adults of all ages should proactively take control of their credit and personal identity. A resume personifies a person’s experience and achievements based on their own perception. A social identity is created by an individual and shaped by the virtual participation of “friends.” Credit profiles and public information convey a much more pragmatic story that can have a positive or negative impact on a person’s identity and possibly result in denial of credit and employment opportunities. The good news:  It’s early enough in the credit cycle for students and graduates to take control of their credit and to make a difference in their future.

We’ve spoken many times about the growth of skimming, and how thieves are able to steal millions of dollars by tampering with ATMs and gas pumps. Criminals may now be widening their focus to include Point- Of-Sale, or POS systems, especially those used by smaller firms.

Security firm Trustwave recently claimed that its research indicated POS systems continue to be the easiest method for criminals to obtain the data necessary to commit large scale payment card fraud. Trustwave conducts investigations on behalf of the major credit cards processors like Visa and MasterCard.

Their report is based on an analysis of more than 220 investigations conducted as a result of suspected security breaches. It found that in 75% of cases, the target for criminals was the POS system. 85% of the data at risk was classified as payment card data, while corporate information and trade secrets only accounted for 11%.

Smaller businesses are believed to be particularly vulnerable in part because they don’t have sufficient security experts or processes in place, in part because they tend to use third parties to develop and deploy their POS systems.

Why POS systems? Because they usually grab a copy of everything that’s on the magnetic stripe of the user’s card – all the information the criminals need to clone that card.

And what are the most popular types of businesses for hackers? According to the report; food and beverage and retail industries accounted for 75% of all investigations, followed by hospitability, government, and education.

And in a worrisome sign that many businesses are still asleep at the wheel, the report found that the majority of investigations, 60%, were triggered by regulators, while only 20% were discovered by the actual breached organizations.

Lessons learned?

• Thieves are everywhere and always looking for new targets to exploit. Your best defense is always education and vigilance.
• Monitor your credit card and bank statements on a regular basis and be cautious of any unusual transactions.

With every tragedy comes opportunity. The opportunity to learn, to rebuild, to do things better, and to prove that people around the world will rush to the help of their fellow man. Between the 6.3-magnitude Christchurch Earthquake on February 22 and the 8.9-magnitude earthquake and tsunami off the coast of Japan on March 11, stories of hope emerge. From Christchurch came eyewitness accounts of individuals sporting superhuman strength in order to reach buried survivors. Japan, still reeling from their own geological events, is now receiving assistance from 91 countries and regions and six international organizations; including teams from the United States, South Korea, Australia, Germany, Mexico, New Zealand, China, Hungary, Singapore, and the United Kingdom. (Japan’s own search and rescue team was still in New Zealand, assisting with recovery efforts from the recent Christchurch earthquake, when Japan’s earthquake and tsunami struck.)

But these dark events also bring with them another kind of opportunity. Hidden amongst that crowd of good citizens are heartless opportunists who see another’s tragedy as their chance for a quick buck.

Whenever there are natural catastrophes like these, emails and websites from bogus charities quickly appear offering links to graphic videos or photos of the event and calling for donations. Instead, these links lead to malicious web sites looking to steal your personally identifiable information or install software designed to track your online activity and transactions. Scams like this cropped up during the Christchurch disaster, and are now quickly emerging within days of the Japan earthquake and tsunami.

According to the BBB, any criminal can create a fake charity website in a matter of hours, and are often just carbon copies of the real charity sites. The goal of these illegitimate websites is to solicit donations, steal personal information, and install malware on the giver’s computer. The Better Business Bureau (BBB) has a list of scams including charity based scams in their Top Five Identity Theft Scams of 2010.

A common tactic by scammers is the offer of a sensational video that races like a virus through web sites and social networks. As predicted, a variety of these scams are now making the rounds on Facebook, quickly taking advantage of the events in Japan. The scammers are inviting users to watch the footage and spread the message and link to their friends. But anyone falling for the scam instead finds themselves redirected to paid surveys and quizzes, all with the intent to either gain personal information or simply generate click-based advertising revenue.

It never ceases to amaze me that there are so many heartless people in the world who only see human tragedy and suffering as a way to make a quick buck. However, there is a powerful lesson to be learned: These scammers only devote so much time to these scams because they work. They know that enough people will fall for whatever trick they’re peddling in order to make it financially worth their while.

You can still make a difference though without exposing yourself or your friends to these scams. Before you click on that “Donate” button, take just a few more seconds to consider the following:

• Is the website you’re making your donation through the real thing or just a fake lookalike? The best way to ensure you’re on the correct website is to carefully type in the URL or domain name yourself, and not rely on email or Facebook links.
• Before making a donation, remember to review any charity with BBB’s Wise Giving Alliance  http://www.bbb.org/charity to verify that a charity meets the BBB’s 20 Standards for Charity Accountability.
• Give only to charities you know and trust, and preferably direct through their website rather than in response to a phone call or mail solicitation.

And concerning the social networking video scams…

• Control your curiosity, especially around major news stories and tragic events. Get your news from reliable sources and don’t overindulge.
• Be very careful about clicking on any links relating to these stories that come through Facebook or Twitter.
• Watch out for the warning signs, especially language like “Amazing, you’ve got to see this video…” etc., and any message that asks you to share with your friends or download or install something in order to view.

Scammers should never stop you from being human and wanting to help your fellow man. Don’t let them.

Be careful. Be vigilant. Be a hero.

March ushers in warmer temperatures, a deep-seeded passion for college hoops, and a change from the bleakness of Winter to something brighter and livelier. March also means students begin planning for their Spring Break destinations. Some may head down south to Key West or even further into the tropics. Some may set their week-long respite for destinations abroad. With online venues like Expedia, Priceline, and Orbitz, incredible deals on airline tickets and hotel rates are only a click away, offering stress-out students exciting opportunities for fun in the sun.

In the excitement of planning a trip with your closest friends on campus, it is easy to forget how the Internet and vacation sites are also hotbeds of opportunity for scammers, identity thieves, and organized crime gangs. Perhaps you are more concerned about how you look as opposed to how vulnerable you are, which stands to reason. A lot of things are happening — and happening fast — before you and your friends even hit the road or reach the departure gate for your Spring Break getaway.

The good news is that planning for your safety while traveling does not have to be the “buzz kill” of your Spring Break. Making sure you and your friends are safe only takes a few minutes to implement.

Before your departure date:

• Avoid travel deals that are too good to be true. While the earlier cited travel sites offer incredible deals, you might find better ones on Craigslist, Backpage, or Epage. Just because a deal is online, has an up-to-date timestamp, and might even link back to some really tantalizing images doesn’t mean the deal is legitimate. Stick with reliable sources, or check to see if the vendors offering these price-busting packages are endorsed by organizations like the American Society of Travel Agents, U.S. Tour Operators Association, or the Better Business Bureau.
• Discuss in detail your travel plans. How deep you go into the explanation of the trip will depend on the agreed itinerary and how flexible you want to be with it. Print up your travel plans (hotel, planned stops, etc.) and leave a copy with your parents or trusted contact, complete with hotel and mobile phone numbers. When traveling overseas, temporarily upgrade mobile plans to include international calls, but be clear this is for emergencies only.
• Apply for your passport early. Regardless of a student’s age, applying for a passport should happen no less than three months before your departure date. Routine processing time for a passport takes 4-6 weeks, while expedited service takes just under three weeks. There are express services online that may promise you a passport within a week, or even faster; but these services are expensive and require you to provide personally identifiable information (PII) in a rush capacity. If you do need expedited passport services, make sure you use a service suggested by the U.S. Department of State and not some random website offering “the best deal.”
• Make two photocopies or digital scans of sensitive PII. Sensitive PII is defined here as your driver’s license, your passport, and the primary credit card you’re using while away. Leave one copy at home in a safe place. Pack the other photocopy in a different bag from where you keep your PII. If your wallet or identification is stolen, immediately contact the local authorities or (when abroad) visit your home country’s embassy with photocopy in hand. If your photocopy is damaged or lost, contact a trusted friend or family member. Let them know where to find your photocopied PII and have them either fax or email it to you.

During Your Trip:

• Use a credit card instead of a debit card. While it does feel like you’re spending money you don’t really have and interest rates tend to run high on credit cards, protection plans against credit card fraud tend to be better than bank-issued debit cards. As mentioned on CreditLoan’s The Credit Blog, credit card customers can contact their card issuer if the card is lost or stolen, and be fully reimbursed for fraudulent purchases.  Fraudulent debit card purchases, on the other hand, are subject to protection limits issued by the individual bank. This protection is eliminated if the fraud is not reported within a specified period of time.
• Protect your identification and technology possessing PII. Now that you have reached your destination, regardless if you are staying with friends or in a hotel, keep your identification and charge card on your person at all times. As reported by Neal O’Farrell, hotels tend to be a central point for criminal activity. While alarming news reports surface of hotel-related crimes, this does not necessarily mean that your hotel is a den of organized crime. However, this does not mean that you should leave sensitive PII out in the open. Check to see if your room has a safe. Secure your iPad, laptop, and other electronic devices before heading out to enjoy your destination and avoid bringing these valuables to the beach where they can easily be stolen.
• Secure your digital media devices. If there is no hotel room safe, or if your room safe does not have room for an iPad, tablet, or laptop, activate security measures on your mobile devices. Featured on ID Guardian are several security measures that can lock out others from your portable devices, and even remotely lock down or erase the data if your portable media is lost or stolen.
• When traveling overseas, find out the contact information of your country’s Embassy or Consulate in your destination country. If you find yourself in trouble at any time, your country’s Embassy should be the first number you call. Find out where the embassy is in relation to where you are staying. Also have on a small card, preferable attached to the earlier mentioned pre-paid phone card, the phone number of the Embassy, Duty Officer, or Consular Section.

More safety tips and travel information can be found online at the State Department’s website, Travel.State.Gov.

By investing in a few precautions, you only ensure you and your friends a stress-free respite from academic pursuits. Now pack your bags, bring extra batteries and media cards for your camera, and have fun!

Yesterday I read a very interesting article entitled the Seven Human Weaknesses that Cyber Criminals Exploit.

According to the author, the human weaknesses that can get us into so much trouble with cyber crooks include:

• Sex – using alluring images of attractive men and women to tempt you to click on or download something.
• Greed – like the promise of a free iPad, a lottery that you never heard of, or an inheritance from a long lost Nigerian relative.
• Vanity – you’ve won a contest, a lost love is checking your profile, or you’ve been chosen to be listed in an exclusive Who’s Who.
• Trust – readily exploited on places like Facebook, when you click on something suspicious just because the sender claims to be a “friend of a friend.”
• Sloth – just too lazy to read the warning signals that usually accompany most scams.
• Compassion – for a friend stuck in a far away country and needs financial help, or a charity looking for donations to help victims of the latest natural disaster.
• Urgency – act now or regret it forever.

But redemption is at hand. You can avoid these menial sins by simply doing the opposite:

Ignore sex appeal – no legitimate friend or business will try to tempt you with sex

Check your greed – if it sounds too good to be true, it’s probably a scam.

Vanquish your vanity – sure you’re cool, maybe even universally admired. But chances of you being selected by People Magazine as the most interesting person on the planet? Probably remote.

Mis-Trust – Nothing wrong with admitting that it’s not like the good old days, when you could trust every stranger and you never locked your door. Those days are gone, at least for most of us. A little  cynicism may not be a bad thing.

Slow down, sloth – actually the best way to beat many scams is to actually be more sloth-like. Slow down, read carefully, and think twice before you click on anything.

Compassionate caution – don’t lose your compassion for anyone or anything, just because the bad guys try to take advantage of your good nature. Just temper your compassion with caution, and while you’re giving generously, do so cautiously.

Insurgency – it’s time to saddle up and fight back. Cybercrime affects us all, directly and indirectly, and we all pay the price. But the most powerful crime fighting technology is wedged right between your ears. It’s time for every individual to get involved and guard their small corner of cyberspace.

RELATED STORY: The Seven Human Weaknesses that Cyber Criminals Exploit.

http://www.baselinemag.com/c/a/Features/Seven-Human-Weaknesses-That-Cyber-Criminals-Exploit-876389/

Do you ever wonder why the third month of the year is called March? It could be due to the fact that everyone is on their feet and marching into some sort of high-focused, all-encompassing activity where the outside world disappears. For some, it is Spring Break, that magic week within the academic year that promises fun and sun, a welcome respite from the winter. For others, March means basketball. March Madness, in particular, where teams from across the country whittle down to the Final Four.

But for many, March is that time where receipts are gathered, numbers are organized, and accountants are clocking in overtime. Yes, March means preparation for the following month’s Income Tax filing.

Tax season involves the exchange of a lot of documents and communications which contain sensitive personal information including addresses, Social Security numbers (SSN), employer information, and bank account numbers, all of which can be used to compromise or steal the identities of their owners. Identity thieves will use various scams and schemes this year to either forcibly gain access to this information or con taxpayers into willingly and unknowingly handing it over. And with new IRS regulations, within two years, all paid tax preparers will be required to submit all returns electronically. Adding to this digital deluge of incoming data, the IRS has reported that the majority of income tax refunds will be sent to taxpayers electronically, making your computer and electronic networks everywhere a prime target for identity thieves.

In years past, fraudsters have used a number of methods to steal or obtain personal information. Fraudsters commonly masquerade as the IRS, calling and convincing unsuspecting tax payers to turn over their Social Security or bank account numbers in order to correct a factual error on their return or expedite the deposit of their refunds.  Fraudsters have also distributed emails claiming to be from the IRS with attachments or links that contain Trojans or other malware that can easily empty the victim’s bank account. Consumers need to be cautious not just of scammers working under the mask of the IRS, but also of emails or phone calls from property tax appraisers or local county tax assessors, which could just be another rouse employed by identity thieves.

In order to help you avoid even the best laid identity theft traps, we have compiled a list of tax season safety tips to guide consumers this year.

Top 13 Tips for a Safe & Secure 2010 Tax Season:

1. Be suspicious of any calls or emails purporting to be from the IRS, no matter what the issue. For example, some scams claim that someone else has already filed tax returns in your name or with your SSN.  The IRS will always write to you first, will rarely call, and will never email you.
2. Never confirm your SSN or bank account details by email or over the phone.
3. If your bank or employer has been taken over lately, be wary of any calls asking you to confirm your tax information or employment status.
4. Guard your mail because it’s especially attractive at tax time.  Ideally, have your mail delivered to a P.O. Box and mail tax returns and sensitive information directly from the post office.
5. If you plan to use an online tax preparation service, make sure you stick with a reputable one that has adequate security measures in place.  And be careful when typing in the URL or web address of an online service in case you misspell the name and end up on a fraudulent site that looks like the real one. Invest in software that can help you stay safe by alerting you to questionable sites when you type in URLs.
6. If you plan to use online tax preparation software and intend to keep a copy of your return on your computer, you should immediately rename your return with a different file extension.  It is also highly recommended you use a USB external drive to save your information instead of storing it directly on your computer.
7. Make sure your computer is free of malware like computer viruses and spyware that can steal a copy of your SSN or bank account password.
8. Choose your tax preparer carefully and don’t be afraid to ask them important security questions, such as how your information is protected at their offices during and after preparation, how long they will keep a copy of your tax return, and whether they conduct background checks on their employees.
9. If you owe money to the IRS, try to pay online through their system.  If you have to pay by check, spell out the name “Internal Revenue Service” because it’s harder to forge than the letters IRS.
10. Don’t email tax information or returns to your accountant.  Email is not a secure way to send any document.
11. If you make copies of your return on a photocopying machine, be aware that many machines keep a copy of your pages in short term memory!  Using photocopiers in public locations is not recommended.
12. Don’t forget to shred any unnecessary documents or copies when tax season is over.  Dumpster divers will be on the prowl to get your banking account details and SSNs.
13. Finally, check your credit report immediately after tax time and again a few months later to make sure your personal information wasn’t stolen and is not being used against you.

For more information concerning tax safety please see our other IDGuardian blog posts:

• Phising: A Demise That Has Been Greatly Exaggerated (Jerry Thompson)
• A Re-Routed Refund (Anne Madrid)
• The Taxman (and Identity Thieves) Cometh (Neal O’Farrell)

Remember to use extra caution and care when filing their taxes this year.

Attending the RSA Conference this year is Steve Schwartz, Executive Vice President of Consumer Services at Intersections, Inc. Steve sat down with Tom Field, Editorial Director of Information Security Media Group, to discuss the 2011 Javelin Strategy & Research Identity Fraud Survey as well as the myths and realities of identity theft. This podcast is presented via syndication from the Information Security Media Group, the people who bring you BankInfoSecurity.com.

Our audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes

Steve Schwartz, before stepping into Intersections’ role of Executive Vice President, Consumer Services in 2006, served as Senior Vice President at The Motley Fool, as well as Vice President at Time Life, Inc. During his career, Mr. Schwartz has worked extensively in the direct response marketing field, including positions at Book-of-the-Month Club and Columbia House.

Thank you for listening
and stay safe.

Last week, news outlets released some amazing statistics concerning this year’s Black Friday and Cyber Monday. The Huffington Post reported that sales in physical retail shops during the Black Friday weekend were up by 12.1 percent from 2009. For Cyber Monday, Bloomberg reported Internet retailers cracking the $1 billion ceiling, the first time in Cyber Monday history, bringing its numbers up by 16 percent from 2009. Then, in the aftermath of such retail bliss, another statistic made headlines:  Eight million customers, an estimated 11 percent of all credit card owners, are no longer using their cards for shopping. With such a drop in card usage, credit card companies and banks are turning to a tried-and-true method of attracting customers: Celebrity-endorsed credit cards.

One such celebrity credit card unveiled back in October was the “Kardashian Kard” featuring the Kardashian sisters. The idea behind the card was that it was a pre-paid card that could be accessible (as well as targeted) to young adults. By making it a pre-paid card, its owners could work on a budget as well as build a solid credit history. The concept sounded good until credit analysts and consumers (one of them, Connecticut Attorney General Richard Blumenthal) began digging into some of the unpublicized fees the Kard charged its users. Between the cost of owning the card for a year ($99.95) to transaction fees ($2 per transaction), the Kard came under heavy scrutiny, so heavy that the Kardashians — after premiering the card with great fanfare — pulled out of the deal, less than happy with the publicity the card garnered.

Pop culture credit cards are nothing new, and have changed very little over the years, except for the celebrities featured. In the 1990s, branded credit cards featured Apple, Hulk Hogan, KISS, and Frank Sinatra. In the early 2000s it was Usher, Austin Powers, and Hilary Duff. Now in 2010, alongside the cast of Twilight, there are more than 30 pop culture credit cards geared specifically for teenagers according to a recent New York Times article.

Whether it is the decline in credit card users or targeting teens in their naïveté concerning finances and credit scores, picking up a pop culture card can be a very risky investment. Consider your options:

• While you can perhaps pick up a prepaid credit card with Taylor Swift, Justin Bieber, or The Green Lantern on it, keep in mind that you can also pick up a standard debit card from your bank that charges no additional fees for purchases, customer service, or to add money to the card.
• If you do opt for a pop culture credit card or a personalized credit card, check the documentation for any extra fees such as fees for increasing the credit line, transaction fees, monthly subscription rates, etc. (As mentioned earlier, the Kard is not the only culprit here.)
• Check the interest rates for these branded credit cards and compare them to standard ones.
• Consider other cards offering cash refunds, airline points, or hotel points as alternatives to the pop culture cards. Both may have extra fees or higher interest rates, but with reward cards there are more options than a celebrity staring back at you every month.
• Work with your teenager in credit management. Have them manage their own checking account. Make sure they pay their bills on time. Make sure  they understand the consequences of spending beyond your financial means.

With this reported drop in credit card usage this holiday season, consumers are getting savvier about how they spend their money; and with credit card companies turning to celebrity-endorsed credit cards, you should take a moment to read the fine print. It’s great to be part of the hip crowd; but is being hip truly worth the cost, particularly in the long run? Perhaps the run-of-the-mill credit card isn’t as slick as the celebrity-endorsed one, but when you consider the money saved in annual fees, interest, and other costs, you find out that the basic card, while not as trendy, is a smarter choice.

Today is Cyber Monday, the online version of Black Friday where vendors are marking down inventory and offering great holiday gifts at fantastic discounts. A full listing of today’s online deals can be found at CyberMonday.com; but if you are prowling the Internet for incredible deals, you might come across offers not covered on Cyber Monday’s official site…

…and this is where we at IDGuardian offer you some cautionary advice.

If deals found off the beaten path of the Internet sound too good to be true, many times they usually are. Along with last week’s post, IDGuardian is offering this “podcast replay” from Neal O’Farrell. Originally aired last year, this is Neal’s commentary on Black Friday, and helpful tips that work just as well for today’s online bargain hunting.

Our audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

Neal O’Farrell is a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. He is also the founder of the Identity Theft Council, just launched this year in the San Francisco Bay Area.

This podcast is copyrighted 2009-2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening, shop smart,
and stay safe.

I realize I am dating myself, but when I started banking, as a teen, Automatic Teller Machines (a/k/a “ATMs”) were the latest and greatest, high tech banking contraption. Using an ATM card was far more convenient than writing a check to “Cash”, as long as you kept the receipt and remembered to record the withdrawal in your check register.

ATM cards were not as yet accepted by merchants. If you are younger than 30 and reading this, you may not know that the “old fashioned” ATM card was not partnered with VISA or MasterCard, and always had to be used with a PIN number at a bank branch.

As long as you didn’t tell anyone your PIN number or create a PIN that was easy for someone to figure out, it would be difficult for someone to use your card if for some reason they were able to get a hold of it.

Then merchants began accepting ATM cards, and later partnered with Visa and/or MasterCard, which added the benefit of allowing you to use your ATM card anywhere Visa or MasterCard were accepted. With each advance in the banking industry it provided the bad guys with more and more ways to exploit the system and steal from you.

The advent of Skimming, the use of a device that electronically retains the information off the magnetic strip of your ATM or credit card, is one such exploit. When a card is skimmed, your data is reprogrammed onto a counterfeit credit card. If your revolving credit card—that which collects interest and is paid month to month—were “skimmed”, assuming you check your bills and caught it within the mandatory reporting period, at least the issuing bank would not hold you responsible for the charges and you would not accumulate interest while they conducted their investigation. These charges, regardless of the nature of the reported fraud, are not refunded immediately as the issuing bank or merchant must still conduct an investigation to make sure you have not filed a false claim.

Your revolving credit card also used to require a real pen with a real ink to sign your name, and touching the receipt, which was then retained by the merchant (otherwise known to Law Enforcement as a “potential lead”). Now, many merchants have electronic signature pads, and do not required  and/or are discouraged from asking for identification. Some even require no signature at all for purchases under a maximum dollar amount.

Now let’s look at worst case scenario. Your credit or debit card is skimmed and the information from the magnetic strip, which is directly linked to your checking account, is reprogrammed onto a counterfeit card. The suspect can now use that card anywhere Visa or MasterCard is accepted and drain your account and any account that is set up for overdraft protection, savings, home equity, other credit card, and so on. By the time you figure it out all your money is gone and your outstanding checks are bouncing.

Sure, your bank will eventually give your money back, but often not before they have conducted their investigation and you have helped prove that none of the charges are yours.

So what should you do?

• Inspect ATMs carefully and make sure there are no external devices attached to the machine. If it doesn’t look right, don’t risk it. If you need to withdrawal cash, you are far safer using an ATM at a bank than a standalone machine within a random business, as they are much easier to compromise.
• If you don’t count on the convenience of the Credit or Debit card, only carry an ATM card, which requires a PIN number that only YOU know, and/or a regular revolving credit card which offers you the protection of not having your bank account drained.
• If you must have the Credit or Debit card, as I do, never let it out of your sight. If a merchant must physically handle your card, do not let them walk away with it. Yes, that means you cannot use it at restaurants where they walk away with your card to process the transaction. Restaurants are the most common location where cards are skimmed. If you don’t typically carry cash, keep a revolving credit card with you for any occasion where a merchant must walk away with your card.

With all that said there is a new un-detectible skimming method called Shimming, which is nearly impossible to prevent. Shimming works by compromising a perfectly legitimate card reader (like an ATM) through a very thin flexible circuit board inserted using a “carrier card” through the card slot. This circuit board locks it into place on the internal reader contacts that reads card data. Once inserted, the shim is not visible from the outside of the machine. The shim then performs a man-in-the-middle attack between an inserted credit card and the circuit board of the ATM.

So even though you are taking the above precautions by using only ATMs at bank branches, checking the ATM for sometimes sophisticated external skimming devices, and not allowing the card to go out of your site, you can still become a victim.

It really would seem that there is no safe way to bank anymore. I am not suggesting we go back to keeping cash under our mattresses, but you must check your accounts regularly, know your bank’s fraud policies and liability limits, and report any inconsistencies immediately, so that you have the best chance of getting your money back.

It’s that time of year again when thoughts turn to the less-than-exciting and impending return to the grind of school and homework.  While our bodies are fully engaged in sunshine and playing outside, we’ll soon be engulfed in the busy worlds of academics, sports, and social life.  And video games.  Whether you turn to Wii, PS3, Xbox 360, your PC, or even your PSP, DS or iPhone, try not to allow the transition into the make-believe game world suspend your otherwise attentive and security oriented mind.   Yes, we’ve reached the point where games are no longer innocuous entertainment and in some cases have become the gateway to fraud.

IS THIS FOR REAL?

The short answer is “heck yeah” and the long answer is “and it is getting worse”.

I used to read about some sort of game related scam once in a blue moon, but now it seems like there’s something in the news at least once a week.  Usually these revolve around another player in World of Warcraft offering to sell someone something that they need in-game.  So someone walks up to you and says, “Do you want the all powerful dragon sword?”  Of course you do, but don’t follow him offline and email him your credit card number to buy it.

The latest scam combines a whole bunch of security risks we’ve been writing about on IDGuardian for a while: phishing, malware, social engineering.  The biggest excitement in early August (in the deafening silence of pre-Madden), the most anticipated game launch was for Starcraft 2.  And scammers were right on it.

As described here, phishing emails were sent out in an attempt to steal user accounts.  Emails were crafted to look like they were from Blizzard and contained a CD key.  Users were directed to a fake web site.  If they entered their account info in the form on that fake site, their accounts were stolen.

SO HOW DO I STAY SAFE?

The first step in staying safe is to follow the usual best practices when creating accounts.  Use strong passwords (8 or more characters, no words, a mix of letters and numbers) to protect your gaming account.  Never use the same password in more than one place or you’ll risk losing the keys to the kingdom.  Don’t use easily guessable passwords either like your dog’s name followed by 1234, i.e. toto1234.  The least sense a password makes the better.

The next step is to suspend whatever level of trust has been established among humans in your online game world.  There’s really no guarantee that anyone is who they say they are.  After all, you’re probably not interacting with “John Smith” and instead you’re interacting with “Klosko the War Ogre”.  Don’t loan anything of value to anyone else in game, and make sure to be suspicious of other players who want to trade equipment with you directly.

If anyone offers to complete a transaction outside of the game world then run away as fast as you can. Typically, a fraudster will try to get you to leave whatever protection there may be within the game world and go somewhere else to engage in a transaction.  This should send up red flags as it is the online equivalent of asking you to step into an alley to buy a shiny new watch.

No one should ever ask you for your credit card number and/or other PII. Social engineering is rampant and is especially effective against children.  If you’re a parent, make sure your children understand not to give out this information.  In fact, don’t even let them access this information – hide it if possible.  Explain that while it is valuable for their character to explore and meet new people, it may not be safe for players to meet new people.  When in-game, stay in-game.  Never introduce real assets to potential fraud in the game world.

There’s also the more drastic option of setting parental controls in Windows,  Mac, Wii, PS3, and Xbox 360. These can prevent different online activities or even prevent a child from going online at all.  This may be a good option for parents who can’t supervise the majority of play time, and as a parent you should be forewarned that today’s games are designed with dozens of hours of gameplay in mind.  Setting rules that your kid can only play with you there isn’t feasible.

Plus, it’s hard to remain vigilant after watching 40 hours of Mass Effect 2.

Zero liability. It even sounds good. And it’s supposed to. It was coined by the financial industry and driven by federal laws to ensure that victims of identity theft and fraud would not be liable for unauthorized charges or withdrawals on their accounts.

In most cases, your liability for the actions of thieves, even if you can’t actually prove it, will be zero. Or at least close to – in some cases you are required to cover the first $50 yourself, sort of like a fraud deductable, but in most cases your bank or credit card company will waive this too. All in the interest of a happy and loyal customer.

Not so in the case for a Georgia couple unfortunately, when they noticed that the more they put into their bank account, the lower the balance fell. So they immediately contacted their bank, who investigated and quickly found more than $1,000 in unauthorized charges.

The bank agreed to honor their zero liability pledge and did return most of the stolen funds. But it kept happening, and it seemed like the bank quickly adopted a policy of zero goodwill and refused to refund the couple’s newly lost money.

Why the sudden change? Apparently the couple made the cardinal mistake of not closing their compromised bank account and starting fresh with a new one. It’s always recommended that if your bank account or ATM card or PIN are compromised, your best bet is to close or cancel them quickly, and start fresh with a new account, number, card, PIN etc.

But for many bank customers, that can be a complicated and inconvenient process, and they’re not actually required by law to do it. And of course if your bank doesn’t demand the change either, you could be forgiven for assuming that your bank is OK with the idea. After all, a fraud has been discovered and the bank should be watching the account extra carefully.

As the saga continued, not only did the bank stop cooperating with the victims in this case, the bank started to charge overdraft fees on the couple’s account because the frauds had created a negative account balance at some point.

The victims finally agreed to close the account. But as if to reinforce just how insensitive a bank can be to the plight of fraud victims, within just weeks of the event the couple started receiving phone calls from debt collectors hired by the bank to collect the $153 in overdraft fees.

The reality of zero liability is that if the bank can find any reason to refute the victim’s claim, they can simply refuse to refund any lost money. The only option for the victim may be a long and costly lawsuit, which may not be realistic for a relatively small amount of money.

Lessons learned?

• Don’t rely on zero liability to always protect your accounts and funds, and to make you whole.

• Always have a backup plan in case your account is compromised and you can’t access funds or pay bills. A separate savings account is a good idea, just as long as you can make quick and penalty-free withdrawals in an emergency.

• In the event of bank account fraud, it’s always best to immediately close the account, and get a new account number, ATM card and PIN. It still won’t guarantee zero liability, but it will reduce the risk of the same crime happening again, and helps prove to the bank that you’re serious.

RELATED STORY: Couple says they’re victims of identity theft and their bank made it worse

http://www2.wsav.com/news/2010/jul/16/couple-says-theyre-victims-identity-theft-and-thei-ar-590713/

Do you plan to sell your home soon, or already have it on the market? If you do, you might want to be aware of a growing scam that is so easy to pull off you can expect to see a sharp rise as the housing market continues to struggle for air.

A homeowner called me to report that when he arrived home yesterday morning, he found a young couple at his front door asking to take a look around the house he had for rent.

He quickly explained that they made a simple mistake – his house was in fact for sale, not for rent. But it is for rent, the visitors corrected him, and showed him the ad they printed off Craigslist.

And sure enough, there was his house, in fine detail, including photos, advertised for rent on Craigslist. And at the knock-down price of just $1,200 a month for a completely remodeled 3-bedroomed home in a very nice neighborhood. The ad even had his correct name, although with an email address he didn’t recognize.

This kind of scam is growing nationwide, and while it requires a little creativity on the part of the thieves, the payoff can be worth it. The thieves use the Multiple Listing Service, or MLS, that realtors across the country use to list homes for sale, and simply select at random homes they want to target.

They then create phony ads using the real information from the selected listings, keeping the real address, and offer to rent the property at an unbelievably low price to the right renter. They usually offer some kind of excuse for the low price and sense of urgency, like the owner just got a great job offer abroad and wants to get a tenant in quickly.

What the thieves want is the personal information of the interested tenants – their names, addresses, phone numbers, and employers. They’ll even ask for a Social Security number so they can run a credit check on the potential tenant and get them into their dream home as quickly as possible.

A single advertisement can ensnare potentially dozens of victims at a time, and the first time the victims realize they’ve been duped is when an irate homeowner tells them to get out of his yard.

But it can get even trickier. In one version of the scam, the thieves try to go one step further and trick the innocent tenant into paying a cash deposit to hold the property for them. The thieves are preying on one human weakness that is the secret ingredient for so many scams – the willingness to ignore the obvious warning signals when a deal appears too good to be true.

In this case, the homeowner had to deal with a number of unwelcomed callers before Craigslist took down the fake ad, and he worries that some of the disgruntled home hunters may become violent and blame him.

Lessons learned?

• The best way to protect yourself against all kinds of scams is to follow one simple golden rule – if in any way it doesn’t sound right, logical, or legal, it probably isn’t and you should probably pass on it.
• Never give your personal information to a complete stranger, no matter how convincing they sound or how desperate you feel. Do your research first.

With Summer 2010 passing the halfway point, both individuals and families turn their thoughts and attention to the big getaway. Bags are packed, travel plans are confirmed, and then it is off to destinations far and wide. For many, it will be a different part of their respective country while some embark for international adventures. According to the U.S. Travel Association, 2.3 percent more vacation travel is expected this year than in 2009.

No matter where travelers are headed, they will likely be distracted by their trip details and new surroundings, making them prime candidates for identity thieves.   Identity thieves prey on unsuspecting tourists – even the savviest of business travelers – banking on the fact that many travelers are focused more on their itinerary than on their identity exposure.

So in the days before hitting the road or checking in with your airline, you might want to stop and consider how secure your identity is while on the road, as well as in your vacant home. By investing a few minutes in some basic safe practices, you can help to minimize the impact of identity theft.

1. Protect your home from burglars and identity thieves before you leave. Have your mail collected or held at the Post Office, have someone visit and turn lights on and off, and do not leave financial documents lying in plain view.
2. If you need to access your email from a cyber café or other establishment, limit your access, avoid entering any passwords to your personal financial accounts, and be sure to log off when you are finished with your session.
3. Try to avoid “tweeting” or blogging about your travel plans or talking about them on social networking sites like Twitter, Facebook, and MySpace. Thieves may use this information to target empty homes.
4. Protect yourself from key loggers, hackers, spammers, and botnets by installing anti-virus and anti-spyware software on your laptop computer.
5. If browsing the Internet with a wireless connection, do not assume public “hot spots” are secure.  Ensure you are using encryption to scramble communications over a network.
6. If you’re staying at a hotel or motel and receive a call from the reception desk asking that you confirm a credit card number, tell them you’ll provide the information at the front desk instead. The call could easily be a random one from outside the hotel.
7. Bring as few credit cards as possible and ideally carry just one with you and keep a backup card in the hotel safe.  Bring a copy of the emergency contact numbers for your credit cards and bank accounts in case they’re lost or stolen.
8. It is recommended that travelers do not use their debit cards while on vacation to further protect their checking accounts.
9. When withdrawing money from an ATM, be cautious, and be protective of your PIN.
10. Beware of pickpockets—remove all documentation and cards from your wallet or purse that you don’t need during your travels.
11. Use cash or travelers checks wherever possible to minimize the risk of credit card fraud or overcharging (this can also help avoid costly exchange fees if you’re traveling abroad).
12. Make a photocopy of the cards and documents in your wallet or purse, including credit and ATM cards, store cards, drivers’ licenses, etc. Leave the copy with someone you trust so if your wallet or purse is stolen, you’ll know what to cancel.  Or enroll in a card registry program that has your card information on file.
13. If you’re leaving for an extended period consider using a credit and public monitoring service that alerts you to potentially suspicious activity.

By being aware of your identity and all that is associated with it, and by following the tips outlined above, you can invest quality time with your family and relax while you are away.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, an expert on cybercrime and identity theft, and the Consumer Security Adviser for Intersections Inc. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, an expert on cybercrime and identity theft, and the Consumer Security Adviser for Intersections Inc. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

A national law enforcement official who oversees a program to protect the elderly recently told us that fraud against older people is on the increase.

We see these heart-breaking cases everyday at ITAC: older people victimized by a con artist, family member or friend. They take advantage of the older person’s loneliness, generosity, and in some cases, diminished mental capacity.

Consumers who want to protect their older friends and family can take a page from the playbook of financial services companies, who are often the first to detect fraud against older persons. BITS, a division of The Financial Services Roundtable, recently published Protecting the Elderly and Vulnerable from Financial Fraud and Exploitation, a toolkit to give employees guidance on how to identify and respond to fraud and abuse.

Here’s are some of the “red flags” that may be a sign of fraud:

• Vulnerable adult has no knowledge of a newly-issued ATM, debit or credit card.
• Discovery of a vulnerable adult’s signature being forged for financial transactions or for the titles of his or her possessions.
• A set of “out-of-sync” check numbers.
• A sudden flurry of “bounced” checks and overdraft fees.
• Transaction review shows multiple small dollar checks posting to the senior’s account in the same month. This could be indicative of telemarketing or charity scams.
• Large withdrawals from a previously inactive checking or credit account or a new joint account.
• Abrupt increases in credit or debit card activity.
• Sudden appearance of credit card balances or ATM/debit card purchases or withdrawals with no prior history of such previous use.
• Withdrawals or purchases using ATM or debit cards that are:
  • Repetitive over a short period of time
  • Inconsistent with prior usage patterns or at times (e.g., late night or very early morning withdrawals by elderly customers, withdrawals at ATMs in distant parts of town by customers who don’t drive or are house bound.)
• Vulnerable adult appears confused about the account balance or transactions on his or her account.
• A caregiver appears to be getting paid too much or too often.
• Significant increases in monthly expenses paid which may indicate that expenses for persons other than the customers are being paid.
• Sudden changes in accounts or practices, such as unexplained withdrawals of large sums of money, particularly with a vulnerable adult who is escorted by another (e.g., caregiver, family member, “friend”) who appears to be directing the changing activity patterns.
• Vulnerable adult acknowledges providing personal and account information to a solicitor via the phone or email.
• Excitement about winning a sweepstakes or lottery.

We know by now that identity thieves are reaching far beyond credit card shopping sprees. A major risk for homeowners nowadays is mortgage fraud, which has been a huge contributor to this nation’s housing crisis. The Federal Bureau of Investigation (FBI) reported that 67,190 mortgage fraud suspicious activity reports (SARs) were filed in 2009 with more than $1.5 billion in losses.

The FBI also estimates annual losses between $4 – 6 billion, and statistics show that many victims of mortgage fraud do not discover misrepresentation or other fraudulent activity until almost two years after it has occurred.

Mortgage fraud schemes, like “liar” loans and application misrepresentations, are tough to spot and even harder to stop… but not impossible.

Mortgage fraud is preventable and there are key steps consumers can take now to stay safe from the threats. So as home buying season kicks off this month, educate yourself. Below is a list of top 10 consumer tips for detecting and avoiding a mortgage fraud scheme.

Top 10 Consumer Tips for Combating Mortgage Fraud:

1. Periodically check all of your home information with the recorder of deeds in your county.  If you discover any paperwork you don’t recognize, immediately contact your mortgage company and county authorities.
2. If you receive any statements or similar information from a mortgage company that is not yours, read the documents carefully and contact the company immediately to alert them to a discrepancy.
3. Beware of any offer that promises to “rescue” you from foreclosure, including loan modification programs that purport to be affiliated or approved by the government.  Do not make payments to any entity other than your mortgage lender or cease communications with your lender.
4. If you are at risk of foreclosure, your mortgage lender should be your starting point.  If you are considering third parties, make sure you transact only with qualified and approved credit counselors.
5. Get referrals for realtors and mortgage banking professionals. Check the licenses of the industry professionals and their company with state and local regulatory agencies.
6. Don’t assume that your lender has captured all of your personal information accurately. Check your application against the final loan documents to ensure that the information is correct and complete.
7. Understand what you are signing and agreeing to and do not sign any blank documents or similarly, forms that contain blank spaces. If you do not understand an agreement, re-read the documents or seek assistance from an attorney or trusted third party.
8. Check your credit report and public records information before refinancing your mortgage or purchasing a home and check again a few months later to make sure that if your personal information was stolen, it is not being used against you.
9. Report any suspicious activity to relevant federal agencies like the Federal Trade Commission as well as your local and state consumer protection agencies.
10. Finally, just as with any other offer, if a mortgage opportunity sounds too good to be true, it probably is!

According to the 2010 Javelin Strategy & Research Identity Fraud Survey Report, names and home addresses continue to top the list of critical personal data stolen by identity thieves. April through July has historically been the busiest time of year for home buying and selling. During these months, neighborhoods across the country are filled with moving trucks as homeowners, renters and their families move on from the old to the new. A lot goes into packing and moving a home and often times certain things can get overlooked – like the safety and security of a mover’s personally identifying information (PII).

Something as simple as a misdirected bank statement could end up in the wrong hands resulting in a compromised identity. Most homeowners don’t think twice about installing a security alarm in their new home after a move and often times activating the system can be done in a few simple steps. Along the same lines, if homeowners would take the same steps required to help protect their identities, they would be providing themselves and their families with invaluable protection.

Here are a few simple steps a homeowner can take to protect their identity from fraudsters before, during, and after a hectic move:

1. Before your move, make a list of all personal mail you receive on a regular basis. Notify banks, financial institutions and creditors of the move and redirect all paper statements and sensitive financial mailings to your new address, or, consider switching to online statements. The 2010 Identity Fraud Survey Report from Javelin Strategy & Research found that consumers who utilized electronic statement monitoring took less time to detect incidents of fraud and paid lower mean consumer costs ($116 vs. $274) than those monitoring paper statements. Make a checklist for:
   • Retirement accounts/Banking Institutions/Credit Card Companies
   • Utility companies (electric, gas, water, cable, etc.)
   • Insurance companies (medical, property, renters, fire and auto)
   • Local government agencies, federal agencies & the IRS
   • Healthcare providers
   • Schools
   • Suscriptions (magazines, newspapers, etc.)
   • Memberships
2. Submit a Change of Address request through the post office. Once the request has been filed, be on the look-out for a confirmation from the Postal Service and use this to verify your new information has been correctly updated. Mail should start to arrive at your new address within 7 to 10 business days after filing.
3. Shred all important documents and paperwork that will not be coming with you. Thieves will often go through garbage in search of things like pre-paid credit card offers that they can alter and use to create new accounts in your name. A decent shredder can cost as little as $50 and can be a very worthwhile investment. Make sure you are properly disposing of your shredded materials yourself – do not leave the task for anyone else to complete on your behalf.
4. Monitor bank and credit card statements for suspicious activity. Consider enrolling in an identity protection service that not only helps you monitor activity related to your credit, but also helps protect your computer, public records, and even mobile devices – all things that could have been impacted by the move.
5. Mover fraud is becoming more commonplace in the U.S. To avoid becoming a victim, do your due diligence and thoroughly research moving companies in your area. Ask for recommendations from trustworthy friends, family members, and real estate agents. And check with the Better Business Bureau to ensure the mover has a solid reputation. You should also make sure the mover is registered with the Federal Moto Carrier Safety Administration (FMCSA) and has a U.S. Department of Transportation (USDDOT) number before signing any agreements or obtaining an estimate.
6. Transfer all important physical documents that will be making the move, such as wills, stock certificates, bonds, etc., to a safe and secure place such as a locked box or an online secure vault. Keep the physical documents with you during the move and do not leave any secure receptacles for movers or others to transport.
7. Lock down your computer. Devote time and resources before your move to make sure all computers in your home are hack-proof and packed and out of sight before movers arrive. Take all computers, hard drives, and other external storage devices with you during the move.
8. Make sure you are present for the entire duration of the move. Your presence could deter potential theft from occurring and you can rest assured that your personal belongings are being taken care of properly.
9. After the move, verify that you are receiving all mail from the list of senders you identified and contacted beforehand. If something is missing or does not start arriving at your new address, contact the company immediately to confirm the address change and make sure that nothing is going to the old address.
10. Take time after the move to create a secure zone for the storage of secure data and to serve as a place where sensitive transactions like book keeping takes place. Update your computer security technology and consider tightening the physical security measures on the premise.

This is National Police Week, an opportunity to acknowledge the sacrifice law enforcement officers and their families make on our behalf.  The financial services companies that belong to ITAC, the Identity Theft Assistance Center, are especially grateful. We know it’s a difficult and dangerous job. Our members work with law enforcement everyday to keep you and your money safe.

The bad guys are turning from guns to sophisticated cybercrimes to rob banks, merchants and consumers of large sums of money. One recent case demonstrates the nefarious methods used by fraudsters to gain access to your money and how banks work to protect you and your money. In this case, the good guys won.

Two Belarusian nationals, Dmitry Naskovets and Sergey Semashko, were arrested last month on suspicion of creating and operating CallService.biz, a Russian-language site for identity criminals who traffic in stolen bank account data and other information.  The website was, among other things, designed to counteract security measures put in place by financial institutions.  Legitimate security measures require persons seeking to make transfers or withdrawals from accounts, or to conduct other financial transactions, to verify by telephone certain information associated with the account. Businesses that accept online or telephone purchases by credit card have similar security measures. Representatives at these financial institutions and businesses are trained to make sure that persons purporting over the telephone to be account holders appear to fit the account holder’s profile. So if an account holder is an American female, the screener is supposed to make sure the caller speaks English, and does in fact sound like a female.

In the case of CallService.biz, if a criminal wanted to access a person’s line of credit they would provide the account holder’s biographical information, including the account holder’s name, address, Social Security number, e-mail address and even answers to security questions the financial institution might ask to verify the account holder’s identity.  CallService.biz would then have someone who matched the legitimate account holder’s gender and was proficient in the needed language, pose as the account holder and call the financial institution to authorize the fraudulent transaction.

The site boasted that its purveyors had served more than 2,000 criminal customers.  Naskovets and Semashko advertised their services on other sites, such as CardingWorld.cc.  The ads boasted that their team had conducted more than 5,400 “confirmation calls” to banks.

The FBI seized the domain name pursuant to a seizure warrant.

Law enforcement held the winning hand in this case based on solid police work and international cooperation.  The loser, Naskovets, faces a maximum sentence of 39½ years in prison.  Financial services companies advocate tough sentences for criminals like Naskovets and Semashko in order to send a clear message: If you try to defeat our systems and defraud our customers, you will go to prison for a long time.

In honor of National Police Week, we salute the police force and their dedication to keeping our communities safe.

With graduation season closing in, we have presented commentary on the graduate’s Social Media and Credit Footprints, long-lasting impressions that can make an impact on a person’s reputation particularly in the working world. If you are graduating, or know someone who is about to take that walk to accept academic accolades, extend to them this checklist for peace-of-mind and security when entering the commercial sector:

• More organizations are now using social media as a way to discover and hire new interns and employees. Check your social media profiles before starting a job search. When reviewing your Social Media footprint, remove:
  • Incriminating pictures, videos, and unfavorable comments posted on Facebook, blogs, Twitter, and other social networks.
  • Personal details and opinions about friends, politics, or other topics that could be misinterpreted if taken out of context.
  • Unfavorable opinions about a job interview that could get back to a potential employer.
• Take an objective look at your social media profile or have your parent or friends review it before reaching out to prospective employers.
  • Ask yourself if you are comfortable sharing your social media profile, as it exists today.
  • Conduct a thorough search of your online identity by googling your name
  • Review all social networks you are are enrolled in for personal references. Also check inactive accounts that may not have been cancelled.
  • Before sharing any personally identifiable information (PII) with any vendors, online or in the Real World, ask three important questions:
    1. Who needs to know?
    2. Why do they need to know it?
    3. How is this information being protected?

• Credit cards can be deceptively easy to use, particularly when virtually anything can be purchased with them. According to United College Marketing Services, on average, college students carry 2.8 credit cards with a balance of $885. How you manage credit today will impact you now and in the future. Consider:
  • Pay credit card bills on time, doing so will help you build a strong credit history. Missing just one payment or simply paying a bill a few days late can have a significantly negative impact on credit. Pay your credit cards on time and completely, if possible. Use credit cards wisely by paying off balances each month, charging only what is necessary.
  • Credit scores will impact what interest rate you receive on new loans, your ability to rent an apartment and to secure utilities including phone, electric, and gas, as well as undergoing employment background screening.
  • Review all three credit reports from the major Credit Reporting Agencies (CRA), available for free (one time per year) at www.annualcreditreport.com.
  • Enroll in credit and public record monitoring services so you can be alerted to changes to credit reports and to non-credit information (utilities, cell phones, etc.), and respond quickly to potentially fraudulent transactions. For more information visit:
    • Credit.com
    • IdentityGuard.com
    • ITACSentinel.com

A resume personifies a person’s experience and achievements based on their own perception. Credit profiles and public information convey a much more pragmatic story, and can either positively or negatively impact a person’s reputation. As mentioned in Part I, with education comes vigilance and with vigilance comes empowerment. It is essential, particularly in this Digital Age in which we live, thrive, and conduct commerce, to protect our unique identities and improve upon credit. We are sharing more and more information online, and while — once upon a time — it was easy to dismiss it as “Who will find it online?”, the rise of Social Media and the ease of information gathering via smartphones and iPads have now made personal information protection part of our daily lives.

Proactively take control of your credit and personal identity. It is never too early to take control of your credit and Social Media presence.

In a recent posting, we advised college graduates to take a serious look at their social profiles with a particular focus on existing accounts with social networking sites. Now we turn our focus to credit profiles, and the relevance they play in job searches, new purchases, and house rentals or buying.

Credit is and will continue to be an integral part of our everyday lives and unfortunately, many adults, even those with business degrees, never learn the importance of maintaining and building good personal credit. The majority of students entering college are experiencing their first taste of freedom: no curfews, no daily parental guidance, and trial and error experiences that will help them grow personally and professionally. Credit card companies love college students, and enhance students’ new found independence with “free” money. It starts innocently enough, but as time goes on, students can and often do get in over their heads.

According to United College Marketing Services, on average, college students carry 2.8 credit cards with a balance of $885.   Since plastic can be deceptively easy to use, particularly when virtually anything can be purchased with a credit card – from the occasional meal at McDonalds to groceries to more extravagant purchases such as concert tickets and spring break vacations – it’s easy to understand how a small balance can quickly rise. If a student pays their bill on time, they can build a strong credit history that will benefit them in both the short and long run. But missing just one payment or simply paying a bill a few days late can have a significantly negative impact on their credit. Credit scores, the most familiar being  FICO, rate credit from “Very Poor” with a score starting at 350, to  “Excellent,”  having a  top score of 850. Credit scores are used to rate creditworthiness, including credit card balances versus credit limits, total debt, payment history, derogatory payments, and other key factors.    This score will determine the interest rate they  get on a new loan,  will weigh in on their ability to rent an apartment, to secure utilities including phone, electric, and gas, and interviewing for a job and undergoing employment background screening, a key factor in the hiring process.

Credit is important but good credit is essential. For students who are just entering school, remember to use those credit cards wisely, pay off balances each month, and charge only what is necessary. For new college graduates, while their credit history may be short, it is important to take the time to review all three credit reports from the major Credit Reporting Agencies (CRA), available for free (one time per year) at www.annualcreditreport.com.

Recent findings from the Javelin Strategy & Research 2010 Identity Fraud Survey Report revealed that younger consumers (18-24) suffer the highest fraud incident rates and take the longest time to detect fraud. Awareness of credit and personal information is key to protecting everyone’s most valuable personal asset — their identity. We strongly suggest that college students and graduates enroll in credit and public record monitoring services so they can be alerted to changes to their credit reports and to non credit information (utilities, cell phones, etc.) and respond quickly to potentially fraudulent transactions. Credit.com, IdentityGuard.com, and ITACSentinel.com provide helpful tips on credit management and identity theft protection.

It’s never too late to improve upon credit. Good financial health will save time and money both now and in the future. We encourage adults of all ages to proactively take control of their credit and personal identity. A resume personifies a person’s experience and achievements based on their own perception. A social identity is created by an individual and shaped by the virtual participation of ‘friends.’ Credit profiles and public information convey a much more pragmatic story that can have a positive or negative impact on a person’s identity and possibly result in denial of credit and employment opportunities. The good news:  it’s early enough in the credit cycle for graduates to take control of their credit and to make a difference in their future.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened and or viewed to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2010, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

Banking and financial services providers may continue to feel the biggest pinch in the wallet based on the continued proliferation of the worldwide electronic identity theft epidemic, but the people who are most commonly seeing their personas and credit histories hijacked are at the other end of the spectrum.

When Javelin Strategy & Research releases its Identity Fraud Survey Report each year, we’ve come to expect that the study, now in its seventh year, will find that the theft of individuals’ personal information has once again risen substantially.

This year’s survey, which is based on telephone interviews conducted with 5,000 U.S. adults in late 2009, specifically contends that the number of adult ID fraud victims in the U.S. increased 12 percent to 11.1 million, with the financial fallout of all such crimes jumping 12.5 percent (or $6 billion) to $54 billion.

However, the 2010 iteration of the survey also finds that it is most often financially vulnerable segments of society — young people and small business owners explicitly — who are currently being most successfully targeted by identity thieves.

Huge banks, payment card providers and online trading companies are undoubtedly writing off mountains of losses based on all the phony and stolen accounts that they have to cover for each year, Javelin’s researchers concede. But it’s these two relatively shallow-pocketed constituencies that are being assailed by ID fraudsters at a noticeably accelerated pace.

When you think about it, it actually makes a lot of sense. So-called “Millennials” (or people ages 18-24) are being victimized in large part by fraudsters because they share so much of their information about themselves on social networking sites, Javelin notes. They also take the longest time, on average, of any group surveyed to detect that their reputation has been hijacked (132 days), leading to their personas being abused for the longest periods of time (149 days).

Essentially you have a group of people willing to post all the intimate details of their life on the Internet but who remain oblivious to their credit status. And many of them have no lengthy credit history at all, making it even easier for someone to take over and manipulate their likeness. Clearly, it all adds up to a perfect recipe for identity thieves.

As for small business owners, they on average experience ID fraud at one and half times the rate of all other U.S. adults, according to Javelin. The primary catalyst for this problem is that these individuals so frequently must use their personal information to handle business-oriented accounts and transactions, presenting attackers with a massive subset of people (typically without any IT security department watching out for them) that they can target for commercial-grade fraud.

These are people who also can likely least afford to have their identities taken offline for days, weeks or even months after discovering that they’ve been had and moving to regain their reputations. Beyond personal inconveniences and risks, their companies are likely to suffer as a result of any financial interruptions, especially in a troubled economy.

So, large corporations may be the ones who are writing off the largest parcels of cash as identity theft continues to grow by leaps and bounds every year. But, it’s increasingly the small guy with much to lose and almost no one watching out for them who are seeing their entire credit futures kidnapped.

Trickledown economics is as real in today’s world of cybercrime and identity theft as it’s ever been within the larger context. What remains to be seen is how this evolution will serve to chip away at the financial health of our society itself.

It is hard to believe that IDGuardian launched only four months ago (September 11, 2009 as a matter of fact); and in such a short time, we have brought you sound advice, different perspectives, and forward-thinking opinions on the subjects of Identity Theft, Credit Security, and Online Safety.

If you are new to IDGuardian, thank you for joining us. We have, at the closing of the year, compiled the “Best Of” from 24 blogposts so you can get a feel for what you will find here. For those of you already subscribed to IDGuardian, thank you for joining us and we hope you enjoy this retrospective of a new blog.

Take a look at what we have deemed the “notable bytes” from 2009 and feel free to leave your own favorite blog or podcast entry in the Comments section.

.

September

The ironic twist is that the burglars who use your own freely-offered personal life story to target your home when you’re not there are in fact not looking for your new TV or X-Box. What many of them are after is your Social Security number, birth certificate, financial statements and anything else they can use to clone your identity and hijack your life.

— Neal O’Farrell, When a Stranger Comes Calling

A more common method is to launder the money, once again internationally.  Many times this is done through unsuspecting money mules.  A typical scenario involves a mass spam campaign advertising to the recipient that he/she can make hundreds or thousands of dollars a week working from home.  Or then there’s the “you’ve won the Spanish lottery” spam, or the “you can recover this bank account you forgot you had” spam.  In all these cases, the point is to swindle the money mule into sending legitimate funds to the con man.  If it’s a straight on con, then they just keep the money.  If they’re laundering money, then they will actually send back some amount of “dirty” money in exchange for your “clean” money.  Now you’ve not only been cheated, but you’re part of an international identity theft and money laundering scheme.

— Matt Sarrel, Identity Theft: An International Consipracy

October

What [hackers are] usually after is personal information that can be used in identity theft. So just think of the information you may already post and share that hackers could use in identity theft – information like your name, date of birth, home address, work address, current employment, employment history, mother’s maiden name, family, friends, pets, your first school, favorite teacher, vacation plans, likes and dislikes, even photos of you and everyone you know. The list is endless.

— Neal O’Farrell, What Social Networks Really Reveal

But while the hype cycle of social networking risks may be at an all-time high, it’s hard to argue that the emergence of the Web 2.0 sites and applications hasn’t created a complex new set of privacy concerns that end users need to worry about.

The social networks themselves have already become breeding grounds for many different types of electronic attacks and social engineering schemes with most of those threats aimed at somehow stealing your personal data, infecting your computer or using your online reputation to assail those with whom you’re connected.

— Matt Hines, Social Networks Increase Risks to Online Privacy

Identity theft – by whatever name we choose to use – is a real problem, and will continue to be for many years. The world is digital – our transactions, communications, and relationships are tracked by marketers, read by virtual friends, and if not secure, vulnerable to fraudsters.  We can’t change the evolution of technology, nor should we, but we can become smarter about how we use it, who we transact with, the information we divulge, and most importantly, how we secure and monitor our personal information. Education is the first step to understanding the risks. When consumers educate themselves, useful services will dominate the market.

— Michael A. Stanfield, A Reply to Ms. Julia Angwen at the Wall Street Journal

Consider the possibilities for someone to carry out a physical assault, let alone a virtual attack, if they know who you are and where you are at any given time. If I was someone looking to rob your house or a jilted ex-boyfriend planning to stalk your movements, these seemingly innocuous tools would seem to provide a lot of helpful information to do that.

In the computing world, these applications, like other social media tools, unquestionably add another level of risk in terms of allowing someone to create targeted attacks to assail you with in assuming your likeness for identity fraud.

— Matt Hines, Mobile Web Driving New Privacy Issues

November

Many of us have established habits and lifestyles that, quite frankly, we don’t want to change. We like the convenience and benefits associated with loyalty/rewards programs, online shopping, and social media networks. Our information is already in cyberspace in so many different shapes and forms that it’s not likely we can pull it back and start over again. But we don’t need to panic. What we can do is be more vigilant about who we share our information with and ask why it is needed. Does the retailer really need your phone number? (They don’t; it’s for marketing purposes only.) Does your son’s baseball team really need a birth certificate? (Have them verify your son’s age at school.) Ask questions and if you don’t like the answer you get, don’t provide the information.

— Michael A. Stanfield, Lost in Translation

These rules may seem inconvenient or overly cautious to many consumers, but they are designed to help you by keeping the crooks from pretending to be you.  My goal is to make identity theft prevention a part of our learned safety behaviors, like putting on a seatbelt.  You don’t think twice about it.

— Anne Wallace, Be Prepared to Establish Your ID When Red Flag Rules Go into Effect

One of the best gifts scammers will get this year will come from retailers. Shoppers and analysts are already reporting shortages of the hottest Christmas gifts this year, as retailers try to avoid getting stuck with merchandise that they can’t move quickly.  This inventory shortage may force some shoppers to take greater risks than they normally take, and  scammers won’t miss the opportunity to take advantage of busy shoppers who are so determined to get that elusive holiday gift this year that they are willing to do whatever it takes.

— Neal O’ Farrell, Why Black Friday Could Be a Red Carpet for Scammers

Talk to your kids about the importance of their Identity. Teach them not to fill out forms online or offline to win a car, a cruise, or any other freebies in magazines, restaurants, etc.  More often than not, those are marketing ploys and their personal information will be shared across many marketing databases. Parents should carefully monitor all Internet activity and stay actively involved with who their kids are meeting online. They should also keep kids out of Internet chat rooms. Predators are just as real online as they are in public places.  All they need is an unsuspecting child to provide their name and home address, and they could track them down.

— Identity Safety for Your Child

December

Think before you tweet (Twitter), or post anything on Facebook, MySpace, or YouTube. Always assume that what you say, how you say it, and to who you say it will always be only a search away from friends, potential employers, stalkers, Internet predators, etc.

— Identity Safety for Your Teens

— Jerry Thompson, Threats Facing Consumers Online

According to Facebook’s new privacy policy, if you don’t select your own privacy settings Facebook will automatically do it for you, and to a standard that you might not be comfortable with.

For example, under current privacy settings people who are not friends can’t even see your marital status, gender, photo, or location. Under the new default settings, this information will now be open for everyone to see unless you go in and change your personal privacy settings.

— Neal O’Farrell, Saving Facebook

A number of organizations including the National Association of Attorneys General and vendors including Intel, Google and Microsoft recently announced the establishment of “Data Privacy Day” which will be observed on January 28, 2010, and involve a number of promotional events meant to raise consumer privacy awareness.

In more targeted efforts, a group of leading Internet publishers and digital marketing services recently launched an online campaign to educate consumers about how they are tracked and targeted by marketers over the Web. The Interactive Advertising Bureau (IAB) unveiled a related “Privacy Matters” Web site and a number of IAB members including Yahoo, Google, Walt Disney Co. and The New York Times Co. have volunteered to support the effort via links featured prominently on their own pages.

— Matt Hines, Searching for Bright Spots

As you can see by the amount of information (and these are the highlights!) here, IDGuardian has delivered valuable insight and information regarding identity protection and personal safety both in the real and virtual world.

This is, also, merely the beginning.

IDGuardian will, in 2010, bring you the voices showcased here along with new contributors and new features geared to start dialogues and get you thinking. Awareness and education are key in protecting yourself, and IDGuardian is here to do both of these and so much more. We hope that we have aided you in making the latter quarter of 2009 a safe one, and assure you that IDGuardian will continue to offer you tips, advice, and guidance in the coming year.

Thank you for commenting, for subscribing, and for taking part in our community. Celebrate safely, and we will see you in 2010.

Welcome to the IDGuardian Podcast. You can download and enjoy these audio and video columns either:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

For those of you following IDGuardian on Twitter, you may have noticed a change in how we are posting our popular TwitterTips. We have been thrilled with the amount of “retweets” (circulating attributed postings in other Twitter feeds) our TwitterTips have earned; but after talking with our network, a change was needed.

Originally, when we went online back in September, our TwitterTips originally looked like this:

IDGuardian TwitterTip: Perform random online searches of your name in order to find out what personal information is available.

In October, the format changed to:

TwitterTip: At 18 years of age, your credit is compiled and reported to the credit reporting agencies.

Now, our TwitterTips will appear in your feeds in this fashion:

In June 2010, the FTC will enforce “Red Flag” rules, designed to prevent identity fraud. (from @IDAssistanceCTR) #creditsecurity

The previous posting is still an IDGuardian TwitterTip; but here is what you need to know about our new approach to this old favorite:

Character Conservation. If you are new to Twitter, you will know that all the postings (or tweets) are limited to 140 characters, and those 140 characters include spaces. The earlier TwitterTips with their headers used valuable characters, making it difficult for others to retweet without dramatically editing the original post. Many users were removing the header, so in “rethinking the retweet” we decided to conserve on the characters and streamline our TwitterTips.

Trackable Tweets. You may notice in the new format a pound sign connected to a term. These are known as hashtags. Hashtags are keywords used within a tweet to track it via Twitter Search. This way, by establishing a hashtag as part of a tweet or  conversation, you can create a Trending Topic on Twitter, thereby increasing visibility. At present, the hashtags we are using are:

• #onlinesecurity
• #idprotection
• #creditsecurity
• #scam

By incorporating the hashtag, we can now make it easier to track who is talking about our TwitterTips and where they are being circulated.

Keep an eye out for our TwitterTips that still carry that same reliable news or helpful insight IDGuardian is known for, just in a more compact format. Thank you for following us on Twitter and here at our blog. Feel free to leave a review for our podcast on iTunes, and continue to share with us your thoughts, opinions, and reactions to the columns featured here.

Welcome to the IDGuardian Podcast. These audio and video columns can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes
  

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

From the IDGuardian Administrators: Due to the timeliness of this subject matter, IDGuardian has released this morning’s column as a podcast. Have a listen and share with those in your network these helpful Holiday shopping tips from security authority, Neal O’Farrell.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

From the IDGuardian Administrators: Due to the timeliness of this subject matter, IDGuardian will also be, later today, releasing this column as a podcast. Enjoy the read, have a listen, and share with those in your network these helpful Holiday shopping tips from security authority, Neal O’Farrell.

As many Americans start preparing for a busy holiday season, cyberthieves are fine tuning their scams in anticipation of a bumper crop of victims who will be presented with scams so convincing they’ll gladly invite them into their homes like a group of cheery carol singers.  As in years past, scammers have perfected the art of social engineering – getting inside the heads of victims so they can deliver scams many victims won’t recognize until it is too late.  And looking to profit from the soft economy, criminals are preparing to exploit money-conscious consumers whose need for some good luck might overcome their normal caution.

One of the best gifts scammers will get this year will come from retailers. Shoppers and analysts are already reporting shortages of the hottest Christmas gifts this year, as retailers try to avoid getting stuck with merchandise that they can’t move quickly.  This inventory shortage may force some shoppers to take greater risks than they normally take, and  scammers won’t miss the opportunity to take advantage of busy shoppers who are so determined to get that elusive holiday gift this year that they are willing to do whatever it takes.

This holiday season there will be the inevitable rehash of the same scams we’ve seen in previous years, but the tides have changed and the scammers are becoming more professional, convincing, and ultimately, more effective.  Today’s breed of cybercriminals now pose the greatest threat to holiday shoppers because they have the skills, savvy, and resources to con even the most battle-hardened shopper.

Some of the newer scams you may come across include:

• Which Tweeples Can You Trust? Don’t Fall for the Tweet Trap! Scammers fully understand the power and reach of social networks, and gathering places like Facebook and Twitter are a feeding ground for all kinds of thieves. The biggest threat to be wary of this year is the “Tweet Trap” – a message that appears to be from a trusted friend or follower passing on some great news, a real bargain, or a worthy cause, but instead hides spam, phishing fraud, or a malicious download.
• Need to Make More Money Fast? How Your Dream Job Can Turn Into a Complete Nightmare. With so many people facing a tougher holiday than usual, it is not surprising that heartless crooks will try to appeal to consumers’ emotions with offers of instant income and risk free financial solutions.  One of the most dangerous versions of this scam advertises very appealing and convincing part-time jobs, with no experience or training required.  Behind this scam lies a very sophisticated and well-orchestrated criminal system that scams banks, credit card companies, consumers – and ultimately job hunters.  The job specifications typically require the job applicant to simply receive and then forward packages on behalf of a foreign company, and get paid thousands of dollars a month for what seems like easy work. The new employees quickly finds themselves “promoted” into receiving and forwarding payments instead of packages, which should be another red flag for most of us. Of course, the packages and payments turn out to be obtained fraudulently, turning that dream job into a costly nightmare and often turning the job seeker into a criminal accomplice.
• Trojan Infections: The Gift that Keeps on Giving (Your Money Away!) The goal for many hackers this year will be to give you their own special gift, like a Trojan infection on your computer. Once in residence on your computer, these Trojans can easily grab your bank account and credit card login info, disable your security software, and sneak into your bank account by pretending to be you. Trojans are even smart enough to quietly drain your bank account over the holiday period based on the assumption that you’ll be too busy to check exactly how much you’re spending until the New Year.
• Attaining the “Rare Find” Gift – Too Good to Be True? You bet. Traditionally this kind of scam has focused on promising shoppers the hard-to-find gift at an irresistible price. In most cases the gift doesn’t exist, doesn’t arrive, the seller demands far more for it, or simply steals the shopper’s credit card information.  But this year, hackers are upping the stakes by hacking into the search ranking systems of the major search engines like Yahoo! and Google so that their fraudulent or malware-infected web sites appear at the top of shopper searches.  And most shoppers still believe that if a Web site is at the top of a search engine’s list, it has to be legitimate.

The good news is that you can slam the door on scammers, and all it takes is a little common sense:

• Take a tip from online merchants and “trust but verify.” Whether it’s online shopping searches, incredible gift offers, or holiday wishes from your Twitter “Tweeps” or Facebook friends, the best way to avoid gift-wrapping yourself for scammers this year is to turn your cynicism on to the highest level.  If you think before you click, you might just play Grinch to an identity thief.
• If your bank or credit card company sends you an email or even calls to warn you of insufficient funds or other problems with your account, contact them directly using the customer service numbers posted on their Web sites. Don’t respond to their emails or to any number they provide in an email or phone message.
• Watch your bank account balances daily. Trojans are smart enough to quietly drain your bank account over the holiday period based on the assumption that you’ll be too busy to check exactly how much you’re spending until the New Year.
• Don’t give a gift to digital burglars by Tweeting about your holiday plans (like when you’re going to be out of town) or all the cool stuff you bought.  Otherwise your new purchases may end up under someone else’s tree.
• Close the door on Trojans. The best way to avoid them is to:
  1. NOT  open attachments or click on email links
  2. Be careful where you surf and stick to “neighborhoods” where you really feel safe
  3. Regularly patch your computer and update your anti-virus and other security software.
• Give someone the gift of an identity monitoring service. It might not sound romantic, but it’s one of those gifts that will truly keep on giving, and will be treasured forever.

For years I’ve said that identity theft is a complex problem that requires cooperation between consumers, business and law enforcement.  In June, 2010, the Federal Trade Commission (FTC) will begin enforcing the “red flag” rules on thousands of businesses and organizations with consumer accounts.

The rules are designed to prevent identity fraud and require businesses that handle sensitive consumer information to have a plan in place to detect suspicious activity, or patterns of activity, that could result in fraud.  The rules affect a host of accounts, including credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts.

Most consumers won’t experience any changes in the way you do business with these companies.  But in case you trigger a red flag, or plan to open a new account after June 1, you should be prepared to confirm that “you” are really “you” and explain facts that can trigger a “red flag.”

For example, a red flag could be triggered if your address on a credit application doesn’t match the address on your credit report, or if there is a fraud alert on your credit report. Expect the creditor to take extra steps to authenticate your identity by requesting additional identification or by asking questions only you can answer.

You should prepare for added scrutiny when opening a new account or applying for a loan.  First, take more than one form of identification – a drivers license and a passport or other government-issued identification document.  Second, be prepared to answer one or more probing questions about yourself or your financial affairs – addresses of past residences or the name of the company that hold your mortgage.

These rules may seem inconvenient or overly cautious to many consumers, but they are designed to help you by keeping the crooks from pretending to be you.  My goal is to make identity theft prevention a part of our learned safety behaviors, like putting on a seatbelt.  You don’t think twice about it.

Welcome to the IDGuardian Podcast. On alternating weeks, we will present our contributors columns in brief audio or video segments. These media segments can be listened to in a variety of ways:

• Through the blog via the media player found in this blogpost
• Through a manual download by clicking on the “Download” link
• By subscribing through iTunes (coming soon)

This episode features Neal O’Farrell, a nationally recognized expert on cybercrime and identity theft. Neal is a board member of the Center for Information Security Awareness and the first to train an entire police department in identity theft awareness. That program has since been used by more than 200 police departments and academies, as well as the FBI, the DMV, and U.S. Attorney’s Office.

This podcast is copyrighted 2009, IDGuardian.com, All rights reserved.

Any use of the Content not expressly permitted by IDGuardian’s Terms of Use may violate U.S. or international copyright, trademark, and/or other laws. For questions or feedback please contact us at questions@IDGuardian.com.

Thank you for listening,
and stay safe.

One of the reasons it has been difficult for the law enforcement community in the USA to get the problem of identity theft under control is that the problem extends well beyond our borders.  The common misperception that Internet malfeasance is perpetrated by 15 year old boys with nothing better to do after school could not be further from the truth.  Identity theft operations are more often than not the purview of highly organized international groups of technology savvy criminals.

A common scenario involves a multitude of players.  First, there is the bot-herder, an Internet criminal who infects hundreds of thousands of PCs (perhaps located in the US or maybe in Brazil) with bots, or remotely controlled malware.  The bot-herder rents his botnet to the highest bidder who then sends phishing email to unsuspecting victims.  Even if these messages are traced, they merely lead back to someone who is a victim himself and not to the criminals.

These phishing and spam emails usually contain a link to a website that is cleverly designed to mimic a real web site.  For example, you might get an email “alert” of unauthorized account activity from your “bank”.  You click the link and instead of taking you to your bank’s website, you are taken to a fake website and prompted to log in; by the time you realize what happened it is too late.  That website could be hosted in China and it stores records in a database in the Ukraine.

Typically, the victims’ personal information is then harvested from the database, but this time maybe by someone in Ghana.  He then lists those identities for sale on a message board hosted in Poland where they are bought (usually with a stolen credit card) by a criminal in the US, or perhaps Thailand.

I journeyed into the dark side of the web a few months ago and discovered hundreds of websites, mostly hosted in Eastern Europe or China, which form a lively online trade in stolen identities.  Complete identities sell for $80-$300, bulk discounts given, which includes financial account numbers, billing address, Social Security number, home address, phone number and birth date.  Visa, Mastercard, Amex all go for $20-$30 for what’s called a full dump, or a reading of the magnetic strip that can be used to write a new card.  Credit card numbers, security codes and PINs are cheaper – usually less than $10 each and sometimes as low as $5 each.

Now the difficult part happens.  Our criminal can’t simply use the 10,000 credit cards he bought online.  If he has full magnetic strip info and the right equipment he can print new cards and sell them on the street.  However, it is much more likely that this stolen information will be used for online transactions, but if he buys lots of stuff then where will he have it shipped?  Incidentally, I have seen identity thieves stupid enough to use the stolen credit cards to order tens of thousands of dollars of merchandise shipped to their houses.  The good news is that usually makes them easy to catch.

A more common method is to launder the money, once again internationally.  Many times this is done through unsuspecting money mules.  A typical scenario involves a mass spam campaign advertising to the recipient that he/she can make hundreds or thousands of dollars a week working from home.  Or then there’s the “you’ve won the Spanish lottery” spam, or the “you can recover this bank account you forgot you had” spam.  In all these cases, the point is to swindle the money mule into sending legitimate funds to the con man.  If it’s a straight on con, then they just keep the money.  If they’re laundering money, then they will actually send back some amount of “dirty” money in exchange for your “clean” money.  Now you’ve not only been cheated, but you’re part of an international identity theft and money laundering scheme.

I see two actions that are required to combat this international conspiracy.

The first measure is something that I’ve been writing about for about 5 years – better collaboration between international law enforcement agencies and the establishment of an international body to police the Internet. How can a police office in San Francisco work with a fraud department in Texas, let alone an ISP in the Ukraine and an email provider in Brazil?  And in those rare cases where such collaboration does take place, it takes so long that by the time they can shut down the servers the bad guys have already moved on.

The second is increased end-user education, which is the primary goal of the IDGuardian.com blog.  A more savvy email recipient is less likely to fall for a spam based scheme or phishing.  Remember when your father told you if a deal seems too good to be true then it isn’t?  Apply that to every Internet transaction.  Never give away information or money before you know exactly who and what you’re dealing with.  When in doubt walk away.  If someone you never met before asked for your ATM card and your PIN would you give it to him?  Apply the same heavy skepticism you have in dealing with physical strangers towards dealing with Internet strangers.

Until law enforcement devises a solid methodology to defeat this international specter, it looks like we’ll have to do it ourselves.  Reading this blog and learning how to protect yourself online is a good first step.